Legal
Privacy Policy
Last Updated: June 24, 2026
1. Introduction
SKOOR helps businesses and their autonomous agents establish and act on verifiable financial trust. We rely on data to deliver creditworthiness scoring and financial deliverables (such as accounts-payable and accounts-receivable aging, cash-position, and revenue views) to our customers. This Privacy Policy explains how we manage information that identifies, or could reasonably identify or be linked to, an individual, household, or device (“Personal Information”).
SKOOR is intended for use by business customers and is not intended for personal, family, or household use. As used here, “SKOOR,” “we,” “our,” and “us” refer to Shulam, Inc. and its affiliates, and “you” and “your” refer to the individual interacting with us. Questions? Contact support@skoor.ai (see Section 13).
2. Applicability of this Privacy Policy & SKOOR’s Business
This Policy applies to information we collect and process as a Controller about you when you use or interact with: (a) our scoring, financial-intelligence, and account-connection services and associated technology (the “Services”); (b) skoor.ai (the “Website”); and (c) our emails, social media, and other places where you interact with our business (collectively, the “Business”).
Data-protection laws distinguish entities that determine the purposes and means of processing (“Controllers”) from those that process on behalf of others (“Processors”). When SKOOR processes Personal Information on behalf of a business customer (a “Company”) to provide contracted Services, we do so under our agreement with that Company and the Company’s instructions — not this Policy. To exercise rights over information we process on behalf of a Company, contact that Company; if we receive such a request, we will refer it to the Company. This Policy does not apply to Third-Party Services you or your Company connect to SKOOR (for example, a bank account connected via Plaid, QuickBooks Online, or Stripe), which are governed by their own terms and privacy policies.
3. Personal Information SKOOR Processes
A. Personal Information Provided Directly to SKOOR
- Contact & Account Information. name, email, phone, employer, job title, business name and type, and authentication identifiers.
- Communications. when you contact sales or support, submit feedback, or correspond with us.
- Content. documents and files you upload (for example, CSV financial data), which may contain Personal Information.
B. Personal Information Generated and Collected Automatically
- Usage Data. pages and features you interact with, time spent, referring/exit pages, and login/diagnostic data.
- Device Data. device/browser type, operating system and settings, and identifiers such as IP address.
We use cookies and similar technologies (log files, cookies, pixels, tags, and SDKs) to help collect this information. See Section 6.C and Section 8.
C. Personal Information Collected from Other Sources
- Connected Financial Data. when you or your Company connect an account, we receive financial data through your chosen provider: bank and transaction data via Plaid, invoice and accounting data via QuickBooks Online, and charge/payment data via Stripe. This may include account and counterparty identifiers, balances, transactions, invoices, and payment status. We continue to receive this data until you or your Company disconnect the source.
- Service Providers. that help us operate the Business and may collect information depending on the services they provide.
- Publicly-Available Sources. public-domain information used to identify and evaluate businesses and agents.
4. How We Use Personal Information
- To provide and maintain the Business. operate the Services, compute scores, and render the financial deliverables you request, including processing data at your direction (such as connecting a Third-Party Service).
- To communicate with you. notices, security alerts, support responses, and relationship or (where applicable) marketing communications.
- To detect, prevent, and respond to fraud and security incidents. maintaining the safety and integrity of the Business.
- To comply with legal obligations and enforce our rights. as permitted or required by law.
- To develop and improve the Business. troubleshooting and building features. Numeric outputs are computed by deterministic functions over your data; we do not use your connected financial data to train third-party models, and we do not use bank-account data to advertise our Business.
- For de-identified, aggregated, or anonymized information. which we may use for any lawful purpose.
- At your direction, or with notice and your consent. to fulfill purposes you request.
5. Disclosure of Personal Information
- Affiliates. related entities of Shulam, Inc.
- Service Providers. cloud infrastructure, database hosting, analytics, communications, and security providers that process information under contractual restrictions.
- Your Company. when we provide Services on a Company’s behalf, we disclose Personal Information to that Company and its authorized administrators.
- Providers of Connected Services. the financial-data providers and institutions you authorize (e.g., Plaid, QuickBooks Online, Stripe).
- Public Authorities. regulators, courts, and law enforcement, to comply with law and protect rights and safety.
- Mergers and Acquisitions. an acquiring entity or advisors in connection with a business transaction, subject to this Policy.
We do not sell your Personal Information, and we do not “share” it for cross-context behavioral advertising.
6. Your Rights and Choices
A. Access, Correction, Deletion, and Objection to or Restriction of Processing
Subject to applicable law, you may have the right to know and access the Personal Information we process about you; correct inaccurate information; request deletion; object to or restrict certain processing; and, where we rely on consent, withdraw it. These rights may be limited (for example, where we must retain information by law). We will not discriminate against you for exercising them. To exercise a right, contact support@skoor.ai; we verify requests and respond within the time required by law. Where we process information on behalf of a Company, contact that Company; if you contact us, we will refer the request. In jurisdictions that provide it, you may appeal a declined request by replying to our response. EEA/UK/Swiss residents may also lodge a complaint with their supervisory authority.
B. Communication Preferences
You can opt out of promotional emails via the unsubscribe link; opt out of SMS (if you opted in) by replying STOP; and control push notifications in your device settings. You cannot opt out of transactional or relationship messages about your account.
C. Tracking Technology Control
Most browsers accept cookies by default; you can decline or delete them in your browser/device settings (some features may then not function). We honor the Global Privacy Control (GPC) where required by law. Because there is no industry consensus on “Do Not Track” signals, we do not currently respond to them, but you can use the controls described here. You can opt out of Google Analytics via Google’s opt-out tools.
7. International Data Transfers
We are headquartered in the United States and process Personal Information there. If you access the Services from outside the U.S., your information may be transferred to and processed in the U.S., where data-protection laws may differ from your jurisdiction. For information transferred from the EEA, Switzerland, or the U.K., we use appropriate safeguards (such as Standard Contractual Clauses) where required.
8. Lawful Basis for Processing
Where required (e.g., EEA, Switzerland, U.K.) and where we are the Controller, we rely on: performance of a contract with you; compliance with legal obligations and enforcement of our rights; your consent (e.g., certain cookies); and our legitimate interests in operating, securing, and improving the Business.
9. Security
We use technical, organizational, administrative, and physical measures designed to protect Personal Information, including: TLS 1.2+ encryption in transit; encryption at rest (AES-256) in managed databases; connection credentials and access tokens that are encrypted, tenant-scoped, and never logged or exposed to client applications; tenant isolation where data access is bound to a verified authenticated principal and defaults to deny; and role-based, least-privilege access to production systems. No method of transmission or storage is entirely secure, so we cannot guarantee absolute security. If you suspect unauthorized activity, contact support@skoor.ai immediately.
10. Use by Minors
The Services are intended for businesses and are not directed to minors. We do not knowingly collect Personal Information from children under 13 (as defined by COPPA), and we do not knowingly “sell” or “share” the Personal Information of minors under 18.
11. Retention
We retain Personal Information for as long as we have a business or operational purpose and as needed to comply with legal obligations, resolve disputes, prevent fraud, and enforce our rights. When the applicable period elapses, we delete, de-identify, or anonymize the information. You may request earlier deletion (Section 6.A); some information may be retained where law requires.
12. Changes to this Privacy Policy
We may update this Policy from time to time. We will post the updated version with a new “Last Updated” date and, for material changes, provide reasonable advance notice where required. Continued use of the Services after changes take effect constitutes acceptance.
13. Contact Us; Data Controller
Where we act as the Controller, the Controller is Shulam, Inc. Contact us:
By email: support@skoor.ai
By mail: Shulam, Inc., Attn: Privacy, 516 River Highway, Suite D, Mooresville, NC 28117
14. Additional Information for California Residents
A. California Notice at Collection
In the past 12 months we have collected these categories of Personal Information: identifiers (name, address, email, IP address); customer records (phone, billing/financial account information you connect); commercial or transaction information; internet activity (usage and interactions); and inferences drawn from the above. We collect these for the purposes in Section 4, from the sources in Section 3, and disclose them to the categories in Section 5.
B. Rights; Do Not Sell or Share; Authorized Agent
California residents have the right to know, access, correct, and delete Personal Information, and the right to non-discrimination. We do not sell or “share” Personal Information for cross-context behavioral advertising, and we do not use sensitive personal information in ways that trigger a right to limit. You may designate an authorized agent (with written, signed permission) to submit requests. Exercise rights via support@skoor.ai.
15. Additional Information for Other U.S. State Residents
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may request access, correction, deletion, and a portable copy of their Personal Information, and may opt out of targeted advertising, sale, or certain profiling (which we do not perform). Where provided by law, you may appeal a declined request by replying to our response. Submit requests to support@skoor.ai.