Effective date: 22nd February 2026
1. INTRODUCTION AND SCOPE
1.1 Purpose of this Privacy Policy.
This Privacy Policy (“Policy”) describes how SKRAGGLE (“SKRAGGLE,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal data in connection with the SKRAGGLE platform, including its customer data platform (CDP), marketing automation tools, tracking technologies, artificial intelligence features, payment orchestration functionality, APIs, dashboards, and related services (collectively, the “Platform”).
1.2 Scope of Application.
This Policy applies to personal data processed by SKRAGGLE when:
(a) businesses register for or use the Platform;
(b) individuals interact with our website or business communications; and
(c) SKRAGGLE processes personal data in its capacity as a data controller.
1.3 Controller vs. Processor Distinction.
SKRAGGLE provides infrastructure and technology that enables business customers (“Customers”) to collect, analyze, segment, activate, and route data relating to their own end users.
Accordingly:
(a) When Customers deploy SKRAGGLE tracking code, server-side integrations, forms, APIs, or other tools on their own websites or applications, SKRAGGLE processes such data solely on behalf of and under the instructions of the Customer; and
(b) In such cases, the Customer acts as the data controller (or equivalent role under applicable data protection laws), and SKRAGGLE acts as a data processor.
This Policy does not govern the privacy practices of Customers with respect to their own end users. Individuals whose data is collected through a Customer’s implementation of the Platform should consult that Customer’s privacy notice.
1.4 Business-Focused Platform.
The Platform is designed for business use. SKRAGGLE does not intentionally collect personal data directly from consumers except where necessary for website functionality, account administration, or legal compliance.
2.CONTRACTING ENTITIES AND DATA CONTROLLERS
2.1 SKRAGGLE EU Entity.
For Customers established in the European Union or United Kingdom, the contracting entity and data controller for account and business-related data is SKRAGGLE’s Irish parent entity.
2.2 SKRAGGLE U.S. Entity.
For Customers established in the United States or outside the EU/UK, the contracting entity and data controller for account and business-related data is SKRAGGLE’s Delaware entity.
2.3 Controller Role.
SKRAGGLE acts as a data controller with respect to:
(a) account registration information;
(b) billing and subscription information;
(c) communications with Customers;
(d) website visitor data collected directly by SKRAGGLE; and
(e) platform security and fraud prevention data.
2.4 Processor Role.
SKRAGGLE acts as a data processor with respect to personal data submitted to or collected through the Platform by or on behalf of Customers, including through:
(a) Tracking Code deployment;
(b) API integrations;
(c) CRM and messaging integrations;
(d) Payment Orchestration functionality; and
(e) AI-driven segmentation and analytics performed on Customer Data.
2.5 Data Processing Agreement.
Where required under applicable Data Protection Laws, processing of personal data on behalf of Customers is governed by a separate Data Processing Agreement (“DPA”), which forms part of the contractual relationship between SKRAGGLE and the Customer.
3.CATEGORIES OF PERSONAL DATA WE COLLECT
SKRAGGLE processes the following categories of personal data, depending on context:
3.1 Account and Business Information
When Customers register for the Platform, we may collect:
3.2 Usage and Technical Information
When users access the Platform or our website, we may collect:
3.3 Tracking Code and Event Data (Processed on Behalf of Customers)
When a Customer deploys SKRAGGLE Tracking Code or server-side integrations on its digital properties, personal data may be collected and processed on the Customer’s behalf, including:
SKRAGGLE does not independently determine what data is collected through such deployments. Customers control the configuration and scope of such collection.
3.4 Payment Orchestration Metadata
In connection with Payment Orchestration functionality, SKRAGGLE may process:
SKRAGGLE does not take custody of funds and does not act as a payment processor, bank, money transmitter, or financial institution.
3.5 AI-Generated Inferences
Where Customers use AI features, the Platform may generate:
Such outputs are generated automatically based on Customer-configured models and underlying Customer Data.
3.6 Sensitive Personal Data
Unless expressly agreed in writing, the Platform is not intended for the processing of:
Customers are solely responsible for ensuring that they do not submit sensitive personal data to the Platform except where permitted under the applicable agreement and lawful under Applicable Laws.
4.HOW PERSONAL DATA IS COLLECTED
SKRAGGLE collects personal data through the following mechanisms:
4.1 Direct Collection.
Information provided directly by Customers during registration, onboarding, subscription management, or communications.
4.2 Automated Collection.
Technical and usage data collected automatically when users access the Platform or website.
4.3 Customer-Implemented Tracking Code.
Personal data collected through Tracking Code, pixels, snippets, server-side scripts, APIs, or similar technologies deployed by Customers on their own digital properties.
Deployment and configuration of such technologies are determined solely by the Customer.
4.4 Third-Party Integrations.
Where Customers integrate CRM systems, payment gateways, messaging platforms, analytics tools, or advertising platforms, personal data may be transmitted through the Platform based on Customer instructions.
4.5 Payment Providers.
Payment transaction data may be routed through the Platform to independent Payment Providers under separate agreements between the Customer and such providers.
SKRAGGLE does not independently source personal data from Payment Providers except as necessary to provide routing and orchestration services.
5.PURPOSES OF PROCESSING
SKRAGGLE processes personal data for the following purposes:
5.1 Provision of the Platform.
To operate, maintain, and provide the Platform and associated services.
5.2 Account Administration.
To create and manage Customer accounts, process payments for subscriptions, and communicate with Customers.
5.3 Payment Orchestration Functionality.
To enable routing of transaction requests to Customer-selected Payment Providers.
5.4 AI and Analytics Functionality.
To generate predictive insights, segmentation outputs, and analytics results based on Customer Data.
5.5 Security and Fraud Prevention.
To detect, prevent, and investigate fraud, abuse, unauthorized access, sanctions violations, or security threats.
5.6 Compliance with Legal Obligations.
To comply with applicable laws, regulatory requirements, and lawful requests from public authorities.
5.7 Service Improvement.
To improve, optimize, and enhance Platform functionality using anonymized or aggregated data that does not identify individual data subjects.
SKRAGGLE does not use Customer Data for independent marketing purposes.
6.LEGAL BASES FOR PROCESSING (EU/UK)
For individuals located in the European Union or United Kingdom, SKRAGGLE relies on the following legal bases:
6.1 Performance of a Contract.
Processing necessary to provide the Platform and fulfill contractual obligations to Customers.
6.2 Legitimate Interests.
Processing necessary for:
Where processing is based on legitimate interests, SKRAGGLE balances its interests against the rights and freedoms of affected individuals.
6.3 Legal Obligation.
Processing necessary to comply with applicable laws, including financial reporting, sanctions compliance, and regulatory obligations.
6.4 Consent (Where Applicable).
Where required by law, processing is conducted on the basis of consent. In relation to data collected via Customer-deployed Tracking Code, the Customer is responsible for obtaining any required consent from its end users.
6.5 Processor Processing.
Where SKRAGGLE acts as a data processor, processing is conducted solely on documented instructions from the Customer and not based on independent legal grounds.
7.PROCESSING OF CUSTOMER DATA AS A DATA PROCESSOR
7.1 Role Allocation.
With respect to personal data included in Customer Data, SKRAGGLE acts as a data processor and processes such data only on behalf of and under the documented instructions of the Customer.
7.2 Customer Responsibility.
Customers are responsible for:
(a) determining the purposes and means of processing;
(b) establishing a lawful basis for processing;
(c) providing legally compliant privacy notices;
(d) obtaining any required consents;
(e) responding to data subject rights requests.
7.3 No Independent Use.
SKRAGGLE does not:
(a) sell Customer Data;
(b) use Customer Data for independent advertising;
(c) combine Customer Data across Customers for marketing purposes.
7.4 Subprocessors.
SKRAGGLE may engage subprocessors (including infrastructure and hosting providers) to assist in providing the Platform. SKRAGGLE remains responsible for the performance of its subprocessors in accordance with applicable law and the DPA.
7.5 Processing Limitations.
SKRAGGLE processes Customer Data only:
(a) to provide the Platform;
(b) to comply with legal obligations;
(c) to protect Platform security;
(d) as otherwise permitted under the DPA.
7.6 Cross-Border Processing.
Customer Data may be processed in jurisdictions outside the Customer’s country of establishment, subject to appropriate safeguards as described in this Policy and the DPA.
8.TRACKING TECHNOLOGY AND FIRST-PARTY DATA COLLECTION
8.1 Customer-Controlled Deployment.
SKRAGGLE provides Tracking Code, APIs, server-side integrations, and form-building tools that Customers may deploy on their own websites, applications, or digital properties.
Customers independently determine:
(a) whether to deploy such technologies;
(b) what data fields are collected;
(c) how such data is configured;
(d) the retention parameters applied to such data.
8.2 Controller Responsibility.
Where Tracking Code or similar technologies are deployed on a Customer’s digital property, the Customer acts as the data controller with respect to any personal data collected through such implementation.
SKRAGGLE does not independently determine the scope, categories, or lawful basis for such collection.
8.3 Consent and Transparency Obligations.
Customers are solely responsible for:
(a) providing legally compliant privacy notices;
(b) obtaining any required consent under applicable ePrivacy, cookie, marketing, or data protection laws;
(c) implementing consent management mechanisms where required;
(d) ensuring lawful cross-border transfers where applicable.
8.4 No Independent Website Surveillance.
SKRAGGLE does not deploy Tracking Code on third-party websites for its own purposes and does not conduct cross-customer behavioral advertising or independent consumer profiling.
8.5 Server-Side Tracking.
Where Customers configure server-side data collection, SKRAGGLE processes such data solely in accordance with Customer instructions and applicable contractual terms.
9.COOKIES AND SIMILAR TECHNOLOGIES
9.1 Cookies on SKRAGGLE Website.
SKRAGGLE may use cookies and similar technologies on its own website for:
(a) essential website functionality;
(b) authentication;
(c) security monitoring;
(d) analytics and performance measurement.
9.2 Types of Cookies.
These may include:
SKRAGGLE does not use third-party advertising cookies for behavioral advertising unless explicitly disclosed.
9.3 Cookie Management.
Users may manage cookie preferences through browser settings or consent management tools where implemented.
9.4 Customer-Deployed Cookies.
Cookies or tracking technologies deployed through Customer implementations of the Platform are controlled by the Customer and subject to the Customer’s privacy practices.
10.PAYMENT ORCHESTRATION DATA HANDLING
10.1 Limited Technical Role.
SKRAGGLE provides Payment Orchestration functionality that enables Customers to route transaction data to Payment Providers selected by the Customer.
10.2 No Financial Institution Status.
SKRAGGLE:
(a) does not process payments;
(b) does not hold, receive, or control customer funds;
(c) is not a bank, payment institution, money transmitter, merchant acquirer, or financial intermediary.
10.3 Independent Payment Providers.
All payment processing services are provided directly by independent Payment Providers under separate agreements between the Customer and such providers.
10.4 Transaction Risk.
Customers remain solely responsible for:
10.5 Data Minimization.
SKRAGGLE processes only transaction metadata and routing-related data necessary to provide orchestration functionality.
10.6 PCI Responsibility Allocation.
SKRAGGLE does not store full cardholder data unless expressly agreed and implemented under applicable PCI standards. Customers are responsible for ensuring their own PCI compliance obligations where applicable.
11.ARTIFICIAL INTELLIGENCE AND PROFILING
11.1 AI Functionality.
The Platform may include artificial intelligence, machine learning, predictive analytics, automated segmentation, and profiling tools (“AI Features”).
11.2 Nature of AI Outputs.
AI outputs are probabilistic and may generate inferences, classifications, predictions, or recommendations based on underlying Customer Data.
11.3 No Autonomous Decision-Making by SKRAGGLE.
SKRAGGLE does not independently make legal or similarly significant decisions about individuals. AI outputs are generated as tools for Customer use.
11.4 Customer Responsibility for Automated Decisions.
Customers are responsible for ensuring that their use of AI outputs complies with applicable laws, including:
11.5 Human Oversight.
Customers must implement appropriate human review mechanisms where required by law.
11.6 Model Improvement.
SKRAGGLE may use anonymized and aggregated data that does not identify individuals to improve Platform functionality and AI systems.
SKRAGGLE does not use identifiable Customer Data to train generalized public AI models.
12.DISCLOSURE OF PERSONAL DATA
SKRAGGLE may disclose personal data in the following circumstances:
12.1 Infrastructure and Hosting Providers
SKRAGGLE utilizes third-party infrastructure providers to host and operate the Platform, which may include cloud hosting services (such as Amazon Web Services or equivalent providers). These providers process personal data solely for the purpose of delivering infrastructure services under contractual data protection obligations.
12.2 Payment Service Providers
Where Customers use Payment Orchestration functionality, personal data and transaction metadata may be transmitted to independent payment service providers selected by the Customer (which may include providers such as Stripe or other gateways). Such providers operate under separate agreements with the Customer and act as independent controllers or processors as defined in their respective terms.
12.3 Analytics and Monitoring Providers
SKRAGGLE may use third-party analytics and performance monitoring services (which may include tools such as Google Analytics or equivalent services) to understand website performance, usage metrics, and system stability. These providers process data in accordance with their own privacy policies and applicable data protection laws.
12.4 Subprocessors
SKRAGGLE may engage additional subprocessors to support service delivery. A current list of subprocessors is available upon request or at: _______________________.
12.5 Professional Advisors
Legal, accounting, compliance, and other professional advisors subject to confidentiality obligations.
12.6 Corporate Affiliates
Entities within the SKRAGGLE corporate group for operational and administrative purposes.
12.7 Legal and Regulatory Authorities
Where required by law, subpoena, court order, or valid regulatory request.
12.8 Business Transfers
In connection with merger, acquisition, restructuring, or asset sale, subject to appropriate confidentiality safeguards.
12.9 No Sale of Personal Data
SKRAGGLE does not sell personal data and does not share personal data for cross-context behavioral advertising.
13.INTERNATIONAL DATA TRANSFERS
13.1 Global Operations.
SKRAGGLE operates globally. Personal data may be processed in jurisdictions outside the country where it was originally collected.
13.2 Transfers from the EU/UK.
Where personal data is transferred outside the European Union or United Kingdom, SKRAGGLE relies on legally recognized transfer mechanisms, including:
(a) European Commission Standard Contractual Clauses (SCCs);
(b) UK International Data Transfer Addendum;
(c) other approved safeguards.
13.3 Supplementary Measures.
Where required, SKRAGGLE implements technical and organizational safeguards to protect transferred data.
13.4 U.S. Transfers.
For transfers involving U.S. entities, SKRAGGLE implements appropriate contractual and security safeguards consistent with applicable law.
14.DATA RETENTION
14.1 Retention Principles.
SKRAGGLE retains personal data only for as long as necessary to:
(a) provide the Platform;
(b) fulfill contractual obligations;
(c) comply with legal requirements;
(d) resolve disputes;
(e) enforce agreements.
14.2 Customer Data Retention.
Retention of Customer Data is governed by Customer instructions and the Data Processing Agreement.
14.3 Account Data Retention.
Account and billing information may be retained for the duration of the subscription and thereafter as required for legal, tax, or accounting obligations.
14.4 Log and Security Data.
Security logs and technical metadata may be retained for fraud prevention, security monitoring, and compliance purposes.
14.5 Deletion and Anonymization.
Upon termination of services and expiration of applicable retention periods, personal data may be deleted or irreversibly anonymized.
14.6 Backups.
Residual copies may remain in backup systems for a limited period consistent with disaster recovery protocols.
15.DATA SECURITY
15.1 Security Program.
SKRAGGLE implements commercially reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
15.2 Technical Safeguards.
Security measures may include:
(a) encryption of data in transit using industry-standard protocols;
(b) logical access controls and role-based permissions;
(c) authentication and credential management controls;
(d) logging and monitoring of system activity;
(e) network security controls and segmentation;
(f) secure development practices.
15.3 Organizational Safeguards.
SKRAGGLE maintains internal policies governing:
(a) access to personal data;
(b) incident response procedures;
(c) vendor due diligence;
(d) employee confidentiality obligations.
15.4 Subprocessor Security.
Subprocessors engaged by SKRAGGLE are subject to contractual obligations requiring appropriate data protection and security safeguards.
15.5 No Absolute Guarantee.
While SKRAGGLE implements reasonable safeguards, no system can guarantee absolute security. Customers remain responsible for securely configuring their own environments and access credentials.
16.DATA SUBJECT RIGHTS (EU/UK)
16.1 Scope.
Individuals located in the European Union or United Kingdom may have certain rights under applicable Data Protection Laws.
16.2 Rights May Include:
(a) Right of access to personal data;
(b) Right to rectification of inaccurate data;
(c) Right to erasure (“right to be forgotten”);
(d) Right to restrict processing;
(e) Right to object to processing based on legitimate interests;
(f) Right to data portability;
(g) Right not to be subject to decisions based solely on automated processing producing legal or similarly significant effects (subject to applicable limitations).
16.3 Processor Data Requests.
Where SKRAGGLE processes personal data on behalf of a Customer, requests relating to such data must be directed to the relevant Customer, who acts as data controller.
SKRAGGLE will assist Customers in responding to such requests in accordance with the DPA.
16.4 Complaints.
Individuals have the right to lodge a complaint with a competent supervisory authority in their jurisdiction.
17.UNITED STATES PRIVACY RIGHTS (CCPA/CPRA)
17.1 Applicability.
This Section applies to residents of certain U.S. states, including California, where applicable privacy laws grant specific rights.
17.2 Categories of Personal Information Collected.
SKRAGGLE may collect categories of personal information described in Section 3 of this Policy.
17.3 Business Purposes.
Personal information is processed for business purposes as described in Section 5 of this Policy.
17.4 No Sale or Sharing.
SKRAGGLE does not sell personal information and does not share personal information for cross-context behavioral advertising as defined under applicable U.S. privacy laws.
17.5 Rights May Include:
(a) Right to know what personal information is collected;
(b) Right to request deletion (subject to legal exceptions);
(c) Right to correct inaccurate personal information;
(d) Right to limit use of sensitive personal information (where applicable);
(e) Right not to be discriminated against for exercising privacy rights.
17.6 Processor Data.
Where SKRAGGLE processes personal information on behalf of a Customer, such processing qualifies as service provider processing under applicable law. Requests relating to such data should be directed to the relevant Customer.
18.CHILDREN’S DATA
18.1 No Intentional Collection.
The Platform is not directed to children and is intended for business use only.
18.2 Customer Responsibility.
Customers are responsible for ensuring that their use of the Platform does not involve unlawful collection of children’s personal data and that they comply with applicable child data protection laws where relevant.
18.3 Inadvertent Collection.
If SKRAGGLE becomes aware that personal data has been collected in violation of applicable child data protection laws, it will take reasonable steps to delete such data.
19.CHANGES TO THIS PRIVACY POLICY
19.1 Updates.
SKRAGGLE may update this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, or Platform functionality.
19.2 Notice of Changes.
Updated versions will be made available through the Platform or website with an updated effective date.
19.3 Material Changes.
Where required by applicable law, SKRAGGLE will provide reasonable notice of material changes.
19.4 Continued Use.
Continued use of the Platform after the effective date of an updated Policy constitutes acknowledgment of the revised terms.
20.CONTACT INFORMATION AND DATA PROTECTION ENQUIRIES
20.1 General Contact Information.
Privacy inquiries may be directed to:
Email: SUPPORT@SKRAGGLE.COM
EU Entity Registered Address: SUPPORT@SKRAGGLE.COM
U.S. Entity Registered Address: SUPPORT@SKRAGGLE.COM
20.2 Data Protection Requests.
Individuals seeking to exercise data protection rights may submit a request using the contact details above. SKRAGGLE may require verification of identity prior to responding.
20.3 Data Protection Officer.
Where required under applicable law, SKRAGGLE may designate a Data Protection Officer. If appointed, contact details will be made available on the Platform.
