ScoutAtlas
Legal · plain-English summaries above each section

Scout Atlas legal.

Plain language first, formal language second. We treat legal pages as products — readable, well-versioned, and honest about what we do and don’t do.

Plain summary

Scout Atlas is a B2B platform. We collect the minimum personal data we need to run the service, secure it, and bill it. We never sell, rent, or trade personal data. We never use member-club private data to train cross-club models without explicit, written consent.

Who we are

Scout Atlas is operated by Oney Finansal Danışmanlık Turizm ve Dış Ticaret Anonim Şirketi (“Oney AŞ”, “we”, “us”), a joint-stock company organised under the laws of the Republic of Türkiye, with registered office in İstanbul. Oney AŞ is the data controller for the Scout Atlas service. Contact: legal@scoutatlas.co.

What we collect

  • Account data. Name, work email, role, club, and the briefs and shortlists you create on the platform.
  • Authentication data. Magic-link tokens, IP addresses, and user-agent strings used to secure the session.
  • Usage data. Which screens you opened, which engines you ran, which players you opened — used to improve the product and surface anomalies.
  • Billing data. Company name, billing address, VAT number, and payment metadata. Card data is processed by Stripe and never touches our servers.
  • Optional private streams. If your club opts in to share GPS, biometric, or medical data, we collect it under a bilateral data-sharing agreement.

Why we collect it

  • To run the service you asked for.
  • To secure the platform and detect abuse.
  • To bill you correctly and meet our tax obligations.
  • To improve the product based on aggregated, anonymous usage signals.
  • To contact you about service updates, security disclosures, and platform changes.

Who we share it with

We share personal data only with the sub-processors required to run the service: Supabase (authentication, database hosting), Vercel (web hosting), Stripe (payments), and Resend (transactional email). We publish the full sub-processor list in our security policy and notify you in advance of any change.

What we never do

  • Sell, rent, or trade personal data.
  • Train cross-club ML models on private member data without explicit consent.
  • Read end-to-end encrypted Deal Room messages — we cannot, by design.
  • Use cross-context tracking, advertising cookies, or fingerprinting.

Your rights

Wherever you are, you have the right to access, correct, export, or delete the personal data we hold about you. Email legal@scoutatlas.co and we’ll act inside 30 days. EU and UK residents have additional rights under GDPR and the UK GDPR — see GDPR. Türkiye residents are covered under Law No. 6698 on the Protection of Personal Data (KVKK).

Retention

Account data is retained for the life of the account plus 90 days. Usage logs are retained for 12 months. Billing records are retained for 10 years to meet tax law applicable in Türkiye and the EU. On account deletion request, we cryptographically erase all personal data inside 30 days.

Security

TLS 1.3 in transit, AES-256-GCM at rest, row-level security in the database, role-bound access on the application layer, and quarterly third-party penetration tests from year 2. See the full security model.

Changes to this policy

We will email account admins ahead of any material change, and previous versions will remain accessible at /legal/privacy/v0. The version log lives in the changelog.

Operated by Oney Finansal Danışmanlık Turizm ve Dış Ticaret Anonim Şirketi (“Oney AŞ”), a joint-stock company organised under the laws of the Republic of Türkiye, with registered office in İstanbul, Türkiye.

Last updated · 5 May 2026 · contact: legal@scoutatlas.co