Scale Readiness
← Back

Privacy Policy

Last updated: 10 June 2026

1

Who we are

This site (the "Scale Readiness Pulse Check") is operated by CoExecute OÜ, a company registered in Estonia, European Union. We act as the data controller for the personal data you submit through this site.

Contact: hello@andexecute.com

2

What data we collect

  • Your full name and work email address
  • Your country, industry/vertical, and company size
  • Your answers to the assessment questions
  • Technical metadata (IP address, browser) for rate limiting and abuse prevention

3

Why we use it (lawful basis)

We process your data under the following GDPR Article 6 bases:

  • Performance of a contract / your request, to generate and email your assessment report.
  • Legitimate interests, to benchmark anonymised results, improve the assessment, and prevent abuse.
  • Consent, for any follow-up marketing communications, which you may withdraw at any time.

4

Who we share it with

We do not sell your data. We share it only with processors that help us deliver the service:

  • Supabase, hosting & database (EU region)
  • Resend, transactional email delivery
  • Lovable, application hosting

Each processor is bound by a Data Processing Agreement and appropriate safeguards (EU SCCs where applicable).

5

How long we keep it

  • Assessment responses: up to 2 years, then automatically deleted.
  • Individual reports: up to 1 year if unused, then deleted.
  • Security audit logs: up to 6 months.
  • You may request earlier deletion at any time (see Section 7).

6

Security

All data is transmitted over HTTPS and stored encrypted at rest. Database access is protected by Row-Level Security policies. Access tokens are short-lived and rate limited. Sensitive operations are logged for audit.

7

Your GDPR rights

If you are in the EU/EEA/UK, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Port your data to another service
  • Withdraw consent at any time
  • Lodge a complaint with your local Data Protection Authority

To exercise any right, email hello@andexecute.com with the subject "GDPR Data Request", or use our data request form. We will respond within 30 days.

8

Cookies

We use only strictly necessary functional storage (to keep your session active during the assessment). We do not use advertising or third-party tracking cookies.

9

International transfers

Our primary infrastructure is hosted in the European Union. Where any processor transfers data outside the EU/EEA, we rely on EU Standard Contractual Clauses.

10

Changes

We may update this policy. Material changes will be reflected by updating the "Last updated" date above.

CoExecute OÜ · Estonia, European Union · hello@andexecute.com