Privacy Policy

Updated June 27, 2026

Purpose

Skedulo Holdings Inc. ("Skedulo", "we", or "us") provides this Privacy Policy to describe and inform you of our policies and procedures regarding the collection, use and disclosure of information we receive from users of our website (such as https://www.skedulo.com) and our products, services, and applications (collectively, the "Services"), or when you attend a Skedulo event or otherwise interact with us. We use your Personal Data to provide and improve our Services. By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use that information and when we disclose it.
  • Your rights regarding that information, including how to access and update your information.
  • The steps we take to protect your information.

Scope & Applicability

This Privacy Policy applies to visitors of our websites and individuals registered for our Services ("Users", "you", or "your"), including Users who are provisioned an account by our customers ("Customers"). Your privacy is important to us. Please read this policy carefully to understand how we will collect, use, and disclose your information, and what choices you have with respect to your information. Additionally, this Privacy Policy applies to the information that we obtain through your use of Skedulo products and services, including our website (https://www.skedulo.com), our products, social media, communications, and web-based tools (collectively, our "Services").

This Privacy Policy does not apply to Personal Information arising from Skedulo's employment-related activities. Except to the extent that a third party provides services on our behalf (e.g. external vendors, contractors, etc.), this Privacy Policy also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, security testing firms, audit firms, and other vendors.

If you have any questions or concerns about this Privacy Policy or about our privacy or data security practices, please contact us at privacy@skedulo.com.

Definitions

Account means a unique account created for You to access our Services or parts of our Services.

Company (referred to as either "the Company", "We", "Us" or "Our") refers to Skedulo Holdings Inc., 584 Market Street, San Francisco, CA 94104.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Device means any device that can access the Services such as a computer, a cellphone or a digital tablet.

Personal Data means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.

Sensitive Personal Information includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.

Usage Data refers to data collected automatically, either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).

You means the individual accessing or using the Services, or the company or other legal entity on behalf of which such individual is accessing or using the Services, as applicable.

Types of Personal Information Collected

  • Names (First Name and Last Name)
  • Address, State, Province, ZIP/Postal code, City
  • Email address(es)
  • Telephone number(s)
  • Device identifiers (e.g. IP address, location, browser type, and language)
  • Usage Data
  • User IDs and passwords
  • Business contact information (e.g. names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title)
  • Personal information that you choose to share within our user communities, and payment card and financial account information

Collecting and Using Your Personal Data

Information Provided to Us Voluntarily

Account and Profile Information: We collect information about you and/or your company when you register for an account, create or modify your profile. Information we collect includes your name, username, address, email address, and phone number. You may provide this information directly through our Services or, in some cases, another user (such as an account administrator) creating an account on your behalf may provide it. If you provide information (including Personal Information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.

Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as Regulated Data: HIPAA protected health information, EU personal data, and other information such as source code or regulatory compliance materials.

Other Submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.

Information Collected Automatically When You Use Our Services

Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers, as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.

Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies that we save to your computer or mobile device. We use a consent management platform to obtain and record your cookie choices, to block non-essential cookies until you consent where required, and to honor browser-based opt-out signals such as Global Privacy Control (GPC). We use cookies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; to count visits and understand which areas and features of the Services are most popular; and, where you consent, for analytics and advertising. You can manage your preferences at any time through the cookie preferences tool on our website. If you do not accept cookies, you may not be able to use all aspects of our Services.

Information Collected from Other Sources

Information from Third Parties: We may obtain information, including Personal Information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Policy. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an email to privacy@skedulo.com, or accessing your user account and changing your distribution preferences.

Information Provided by Other Individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about You. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of Personal Information as described in this Privacy Policy. Please contact us immediately at privacy@skedulo.com if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so, and we will act consistently with this Privacy Policy.

Information Received About You from Our Customers: Our customers and their designated users use our Services to develop, establish, implement, and maintain secure application and database deployment environments for processing sensitive data, including Personal Information and Sensitive Personal Information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store Personal Information that they have collected from individuals. During the course of our business relationship, we may need to access a customer's account and the information it contains to provide support for our Services.

Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of Personal Information, prior to providing that Personal Information to Skedulo.

In addition, our customers and prospective customers are also responsible for identifying, in the Services agreement or in a related document (such as a HIPAA business associate agreement or data protection agreement), any additional requirements for protecting, accessing, and handling Personal Information in a particular manner that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that Skedulo would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Policy.

Unlike the other collections of information described in this section, our agreements with customers include specific protections and limitations regarding our access to and use of Personal Information collected by customers, and we do not access, use, copy, retain, or aggregate that customer data except as stated in those agreements. Where Skedulo processes Personal Information on behalf of a customer, Skedulo acts as a processor (or, for protected health information, a business associate) and processes that information only on the customer's documented instructions.

Use of Your Personal Data

We will not use your Personal Information for anything other than the following lawful purposes. When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information, we will treat it in accordance with this Privacy Policy.

  • To provide and maintain our Services: including monitoring usage, providing customer service and support, communicating with you (e.g. responding to inquiries, questions, and requests), processing and completing transactions (e.g. sending purchase confirmations and invoices), and providing direct marketing, email, and other electronic information.
  • To manage Your Account: to manage Your registration as a user of the Services.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased, or of any other contract with Us through the Services.
  • To establish and maintain contractual relationships with our customers: including establishing relationships with new and existing customers, fulfilling our contractual obligations, and enabling individuals to access and use our Services.
  • To contact You: by email, telephone calls, SMS, or other equivalent forms of electronic communication, including security updates, when necessary or reasonable.
  • To manage Your requests: to attend to and manage Your requests to Us.
  • For business transfers: to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.
  • To comply with legal obligations: including complying with tax and financial reporting requirements; demonstrating compliance with applicable privacy and data security laws and regulations (e.g., HIPAA and GDPR); complying with incident monitoring, reporting, assessment, and notification requirements; and complying with other applicable criminal, civil, and regulatory requirements under federal, state, and international law.
  • For other purposes, such as: monitoring and analyzing trends and usage; investigating and preventing fraudulent transactions, unauthorized access, and other illegal activities; verifying compliance with our internal policies and procedures; accounting, recordkeeping, backup, and administrative purposes; customizing and improving the content of our communications, websites, and social media accounts; educating and training our workforce in data protection and customer support; developing new products, services, features, and functionality; first-party marketing only (we do not provide Personal Information for use in marketing any non-Skedulo, third-party goods or services); and fulfilling our other legitimate interests to the extent not overridden by individual interests, fundamental rights, or freedoms.

Retention of Your Personal Data

We retain your Personal Information only as long as necessary to accomplish the business purpose for which it was collected, or to comply with our legal and contractual obligations, in accordance with our documented data retention schedule, and then securely dispose of that information. Where Skedulo processes Personal Information on behalf of a customer, retention and deletion are governed by our agreement with that customer.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This information may be transferred to, and maintained on, computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy, and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate safeguards in place, including the security of Your data and other personal information.

Disclosure of Your Personal Data

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Policy, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose Personal Information that we collect from or about you.

We may share your information in the following ways:

  • With Your Express Consent: with companies, organizations, or individuals outside of Skedulo when we have your consent to do so.
  • When You Choose to Directly Share Your Information While Using Our Services: certain features allow you to make some of your content accessible to the public or other users. We urge you to consider the sensitivity of any information prior to sharing it.
  • When Your Account Is Accessed by Your Organization's Designated Skedulo Administrator: your account owners and administrators may access information in and about your account; disclose, restrict, or access information you have provided or that is made available to you; and control how your account is configured, accessed, or deleted.
  • With our vendors and business partners, to accomplish our business purposes: we may share your information with service providers and other third parties who perform services on our behalf, listed in our Subvendor Directory.
  • When Necessary to Comply with Laws and Law Enforcement Requests, or Otherwise to Protect Our Rights or Those of Individuals: we may disclose your information if we believe disclosure is reasonably necessary to comply with applicable law, regulation, legal process or governmental request; to enforce our agreements, policies and terms of service; to protect the security or integrity of our products and services; to respond to an incident involving personal data for which Skedulo has direct or indirect responsibility; to protect the property, rights, and safety of Skedulo, our customers, or the public; to respond to an emergency; or to investigate and defend against third-party claims.
  • As the result of a business transition: in connection with any merger, sale of company assets, financing, or acquisition. We will take reasonable steps to assure that any other entity involved continues to comply with this Privacy Policy, and we will notify you by posting a notice on our website.
  • Sharing aggregated, anonymized, de-identified, or otherwise non-personal data: we may share information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to re-identify you.

SMS, Text Messaging, and Mobile Information

This section applies specifically to mobile phone numbers and to text messaging (SMS) opt-in and consent data that you provide to us. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Your Control Over Your Personal Information

  • You may decline to share certain Personal Information with us, in which case we may not be able to provide some features or fulfill your requests.
  • You may decline to accept cookies, but that decision may affect functionality and performance of our Services.
  • You may update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform.
  • You may opt out of receiving promotional communications by using the unsubscribe link in each email. As long as you maintain an account with us, you will continue to receive administrative messages.
  • You may request information about, and access to, the Personal Data that we collect from you.
  • You may ask questions or make complaints about our privacy and data security practices.
  • You may request that we delete or correct information that we have collected about you.
  • You may ask us for a copy of the information that we collected from you.

To exercise any of these options, or for additional information about our privacy and data security practices, contact us at privacy@skedulo.com.

Security of Your Personal Data

No data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, Skedulo employs a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you entrust to us.

We manage our data protection program consistent with ISO/IEC 27001:2022, SOC 2 Type II, the NIST Cybersecurity Framework (CSF) 2.0, and applicable legal and regulatory requirements such as HIPAA and GDPR. Skedulo's current SOC 2 Type II report and HIPAA/HITECH validated assessment report are available under NDA to customers and prospective customers. To request a copy, please contact privacy@skedulo.com.

For more information, please refer to our Security Policy. Skedulo protects Personal Information under its control and requires its service providers (see our Subvendor Directory) to protect against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. If you have concerns about the security of your information with Skedulo, please contact us immediately at security@skedulo.com to report an issue.

Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect Personal Information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at privacy@skedulo.com.

California Privacy Rights

These additional disclosures are provided under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), and are effective as of June 27, 2026.

Categories of personal information collected. In the preceding twelve months we may have collected the following categories of personal information, depending on how you engage with the Services: identifiers (e.g., name, alias, postal address, phone number, IP address); characteristics of protected classifications under California or U.S. federal law (e.g., age or gender, for example if we conduct user surveys); commercial information (e.g., purchase activity); Internet or other electronic network activity information (e.g., content interaction information such as downloads and playback details); geolocation data; audio, visual, electronic, or similar information (e.g., when you communicate with us by phone); professional or employment-related information; and inferences drawn from the above.

Sensitive personal information. To the extent we collect sensitive personal information, we use and disclose it only for purposes permitted under the CCPA without a right to limit (such as providing the Services you request, security, and legal compliance). We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.

Categories of personal information disclosed for a business purpose. In the preceding twelve months we may have disclosed the categories above to our service providers for business purposes, such as analytics, advertising support, customer support, payment processing, and hosting.

Sale or sharing of personal information. We do not sell your personal information for money. However, our use of cookies and similar advertising technologies for cross-context behavioral advertising may be considered "sharing" (and, in some cases, a "sale") under the CCPA. You have the right to opt out. You can exercise this right at any time using the "Do Not Sell or Share My Personal Information" link in our website footer and the cookie preferences tool, and we honor opt-out preference signals such as Global Privacy Control (GPC).

Your CCPA rights. Subject to verification and applicable exceptions, California residents have the right to: know and access the personal information we collect, use, disclose, and share; request deletion of personal information; request correction of inaccurate personal information; opt out of the sale or sharing of personal information; and not receive discriminatory treatment for exercising these rights.

How to exercise your rights. Submit a request by emailing privacy@skedulo.com, or, for opt-out of sale/sharing, by using the "Do Not Sell or Share My Personal Information" link or cookie preferences tool on our website. You may use an authorized agent to submit a request on your behalf; we may require verification of the agent's authority and of your identity before fulfilling the request. Where Skedulo processes personal information on behalf of a business customer as a service provider, requests should be directed to that customer, and we will assist them as required.

Shine the Light. California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@skedulo.com.

Information for International Users

Our Services are primarily hosted in the United States, Canada, and Australia, but we can provision our Services in other regions of the world. You may choose to use our Services in non-U.S. regions, such as the European Union or other regions with laws governing data collection and use that may differ from U.S. law. When you use our Services, you may be transferring your information to the United States or another country for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Privacy Policy and the safeguards described below.

European Union (EU), United Kingdom (UK), European Economic Area (EEA) and Switzerland Privacy

If you are based in one of these jurisdictions, Skedulo is the controller of your personal data collected in the following instances: when you visit our website (https://www.skedulo.com); when we process your personal data for sales and marketing purposes. Skedulo is a processor of all personal data processed within the application on behalf of our customers; we process that data only on their documented instructions. Please contact your employer or the organization that granted you access to the application for details on their privacy practices.

We only process personal data where we have a lawful basis. The lawful bases applicable to our processing as controller are: consent; performance of a contract; and legitimate interest (e.g., processing names, contact details, job titles, and companies of existing and prospective customers for marketing, market research, and lead generation).

You have the following rights under the GDPR and UK GDPR: to be informed about the collection and use of your personal data; to access your personal data; to correct errors; to erase your personal data; to object to processing (including for direct marketing, in which case we will stop processing within 30 days of receipt of your request); to data portability; and to restrict our processing for specific reasons.

Transferring information outside the EEA, UK, and Switzerland

When personal data controlled by Skedulo is transferred to, or stored and processed in, the United States or other countries outside the EEA, UK, or Switzerland, we safeguard it using appropriate transfer mechanisms, including the European Commission's Standard Contractual Clauses (Commission Decision (EU) 2021/914) for transfers from the EEA, the UK International Data Transfer Addendum (UK IDTA) for transfers from the UK, and the equivalent mechanism recognized for transfers from Switzerland. If you have questions about these transfer mechanisms, contact us at privacy@skedulo.com. You may also lodge a complaint with your local supervisory authority (an EU Data Protection Authority, the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner).

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Policy and, where appropriate, may provide additional notice (such as a statement on the log-in screen or an email notification). Your continued use of our Services after the revised Privacy Policy becomes effective indicates that you have read, understood, and agreed to the current version.

Contact Information

Please contact us with any questions or comments about this Privacy Policy, your Personal Information, our use and disclosure practices, or your consent choices by email at privacy@skedulo.com.