Scoperly

Privacy Policy

Last updated: April 13, 2026

Introduction

Scoperly LLC ("Scoperly," "we," "us," or "our"), a company registered in the Republic of Armenia, operates the Scoperly B2B wholesale platform at scoperly.com and all related applications (the "Platform").

This Privacy Policy explains how we collect, use, share, store, and protect information about you and your business when you use the Platform. It also describes your rights regarding your personal data and how to exercise them.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform. This Policy should be read together with our Terms of Service and Refund Policy.

1. Data Controller

Scoperly LLC is the data controller responsible for the processing of your personal data in connection with the Platform. For questions about data protection, you can reach us at:

Scoperly LLC
Yerevan, Republic of Armenia
Email: privacy@scoperly.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, password, and avatar image when you register for an account.
  • Business Information: Company name, legal name, tax identification number (e.g., HVHH in Armenia, BIN in Kazakhstan), business address, website, and company logo.
  • KYB Verification Documents: Business registration certificates, tax certificates, licenses, and other documents required by local regulations to verify your business identity.
  • Delivery Addresses: Physical addresses, contact names, phone numbers, and geographic coordinates for order delivery.
  • Financial Information: Bank account details (IBAN, bank name, account holder name) for settlement payments to Suppliers. Payment card information for subscriptions is collected and processed directly by our Merchant of Record, Paddle (see Section 5.2), and is not stored on our servers.
  • Product Content: Product descriptions, images, pricing, and specifications uploaded by Suppliers.
  • Communications: Messages sent through the Platform, support inquiries, reviews, and dispute details.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, search queries, click patterns, session duration, and interaction timestamps.
  • Device Information: Browser type and version, operating system, screen resolution, and device type.
  • Network Information: IP address, approximate geographic location (country/city level), and internet service provider.
  • Cookies and Similar Technologies: See Section 9 (Cookies) for details.

2.3 Information from Third Parties

  • Payment Processor (Paddle): Paddle, our Merchant of Record, provides us with subscription status, billing cycle information, and payment confirmation. We do not receive or store your full payment card details. For more information, see Paddle's Privacy Policy.
  • Other Users: Buyers and Suppliers may provide information about each other through orders, reviews, and dispute filings.

3. Legal Bases for Processing (GDPR)

For Users in the European Economic Area (EEA), we process personal data under the following legal bases as defined in Article 6 of the GDPR:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Platform services — account management, order processing, invoicing, settlements, and customer support.
  • Legitimate Interests (Art. 6(1)(f)): Platform analytics and improvement, fraud detection and prevention, security monitoring, and enforcement of our Terms of Service. We balance our legitimate interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): Marketing communications, non-essential cookies, and analytics tracking. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax and financial recordkeeping laws, regulatory requirements, KYB verification obligations, and responses to lawful requests from authorities.

For Users outside the EEA, we process data in accordance with the applicable data protection laws of the country in which you are established, including but not limited to the laws of the Republic of Armenia, Russian Federation (152-FZ), Republic of Kazakhstan, Republic of Uzbekistan, Georgia, and the United Arab Emirates (PDPL).

4. How We Use Your Information

We use collected information to:

  • Provide and operate the Platform: Create and manage your account, process orders, facilitate transactions between Buyers and Suppliers, generate invoices, calculate settlements.
  • Verify your business identity: Conduct KYB verification, assess eligibility, and comply with applicable regulatory requirements.
  • Process payments: Manage subscription billing (via Paddle), track payments between parties, and process settlement payouts.
  • Communicate with you: Send transactional notifications (order updates, payment confirmations, system alerts), respond to support inquiries, and deliver Platform announcements.
  • Improve the Platform: Analyze usage patterns, diagnose technical issues, optimize performance, and develop new features.
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access; enforce rate limits; and maintain the integrity of the Platform.
  • Comply with legal obligations: Maintain financial records as required by tax authorities, respond to lawful government requests, and fulfill regulatory reporting obligations.
  • Send marketing communications: With your explicit consent only, send information about new features, promotions, or relevant updates. You can opt out at any time. We do not use data received from Paddle for marketing purposes without your separate opt-in consent.

5. Information Sharing and Disclosure

We do not sell your personal data to third parties. We share information only in the following circumstances:

5.1 Between Buyers and Suppliers

To facilitate transactions on the Platform, we share relevant business information between transacting parties: business name, delivery addresses, order details, contact information, and invoice data. This sharing is essential for the Platform to function.

5.2 Service Providers

We engage third-party service providers who process data on our behalf under contractual obligations to protect your information:

  • Paddle (United Kingdom) — Our Merchant of Record for subscription payment processing, billing management, invoicing, and sales tax/VAT handling. Paddle processes payment card data directly and does not share full card details with us. See Paddle's Privacy Policy and Data Processing Addendum.
  • Google Cloud Platform (varies by region) — Cloud infrastructure, data storage, computing, and content delivery.
  • Resend (United States) — Transactional email delivery (order notifications, account alerts, verification emails).

5.3 Legal and Regulatory

We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to: (a) comply with applicable laws; (b) protect the rights, property, or safety of Scoperly, our Users, or the public; (c) detect, prevent, or address fraud, security, or technical issues.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Scoperly operates internationally and may transfer your data to countries other than the one in which you reside. Our primary infrastructure is hosted on Google Cloud Platform, with data centers located in various regions.

For EEA Users: When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including: (a) European Commission adequacy decisions; (b) Standard Contractual Clauses (SCCs) approved by the European Commission; or (c) other lawful transfer mechanisms under the GDPR. You may request a copy of the applicable safeguards by contacting us at privacy@scoperly.com.

For Russian Users: In accordance with Federal Law No. 152-FZ, personal data of Russian citizens is stored and processed on servers located within the Russian Federation where a dedicated Russian infrastructure deployment is in operation. Please contact us for country-specific details regarding your data location.

For UAE Users: We comply with the UAE Personal Data Protection Law (PDPL) and ensure that any cross-border data transfers are supported by adequate data protection measures or your explicit consent.

7. Data Retention

We retain your information for as long as necessary to provide the Platform services and fulfill the purposes described in this Policy, subject to the following guidelines:

  • Active account data: Retained for as long as your account remains active.
  • Financial records (orders, invoices, settlements, payments): Retained for a minimum of 7 years after creation, as required by applicable tax and commercial legislation.
  • Audit logs: Retained for 7 years and never deleted, to ensure full traceability of financial transactions and regulatory compliance.
  • KYB verification documents: Retained for the duration of the business relationship and for 5 years thereafter.
  • Product import staging data: Retained for 90 days after processing.
  • In-app notifications: Retained for 90 days.
  • Deleted accounts: Upon account deletion request, personal data is anonymized within 30 days and permanently removed within 180 days, except where retention is required by law (e.g., financial records).

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (CSV, JSON) and transfer it to another service. The Platform provides built-in export tools for this purpose.
  • Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right Related to Automated Decision-Making: We do not make decisions based solely on automated processing that produce legal effects concerning you.

To exercise any of these rights, please contact us at privacy@scoperly.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. For EU Users, a list of authorities is available at edpb.europa.eu.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Platform and improve your experience. The types of cookies we use include:

TypePurposeRequired
Strictly NecessaryAuthentication (session cookies, refresh tokens), CSRF protection, cookie consent preferencesYes
FunctionalLanguage preference, theme preference (light/dark mode), remembered form settingsNo
AnalyticsPlatform usage patterns, page views, feature adoption, performance monitoringNo

You can manage your cookie preferences through the cookie consent banner displayed when you first visit the Platform, or through your browser settings. Disabling strictly necessary cookies may prevent you from using certain features of the Platform.

We do not use third-party advertising or marketing cookies. We do not participate in cross-site tracking or targeted advertising.

10. Data Storage and Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at Rest: Data stored in our databases and cloud storage is encrypted at rest using AES-256 encryption.
  • Access Controls: Strict role-based access controls limit who can access your data within our organization and on the Platform.
  • Password Security: User passwords are hashed using BCrypt with a strength factor of 12 and are never stored in plain text.
  • Infrastructure Security: Our infrastructure is hosted on Google Cloud Platform with network firewalls, DDoS protection (Cloud Armor), and regular security monitoring.
  • Audit Trail: All significant actions on the Platform are logged with timestamps, user identification, and details of changes for security and compliance.
  • Token Security: Access tokens have a short expiry (15 minutes), refresh tokens are stored as httpOnly cookies and cannot be accessed by client-side scripts.

While we take extensive measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR and applicable laws).
  • Notify affected Users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Document the breach, its effects, and the remedial actions taken.

12. Children's Data

The Platform is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete such information promptly.

13. Third-Party Links and Services

The Platform may contain links to third-party websites or services (such as Paddle's payment portal). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with through the Platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. We will notify registered Users of material changes via email and/or prominent notice within the Platform at least fourteen (14) days before they take effect. The updated Policy will be posted on this page with a revised "Last updated" date.

We encourage you to review this Policy periodically. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Team
Scoperly LLC
Yerevan, Republic of Armenia
Email: privacy@scoperly.com

For general inquiries: support@scoperly.com
For legal matters: legal@scoperly.com

Terms of ServiceRefund Policy
Back to Home