60+ Monster SCALE Summit engineering talks are now available on-demand | Watch now

CCPA PRIVACY NOTICE

Last modified: : February 3, 2026

This CCPA Notice (“Notice”) constitutes an integral part of ScyllaDB Ltd. Privacy Policy. Accordingly, terms used however not defined, shall have the same meaning as defined in ScyllaDB’s Privacy Policy, or as defined in the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 effective January 1, 2023 (collectively “CCPA”). When we refer to “Personal Data” in ScyllaDB’s Privacy Policy, it is equivalent to “Personal Information” as defined under the CCPA.

If you are California resident that is either a Customer, Authorized Users and Prospect (“Consumers” or “you”) this Notice applies to your rights and disclosures concerning our processing of Personal Information. It describes how ScyllaDB Ltd. and its affiliates (“ScyllaDB”, “Company”, “we” or “us”) collect, use, disclose and share Personal Information of Consumers.

This CCPA Notice applies to Consumers’ Personal Information, that we collect directly or indirectly through our Services, in connection with providing our Services, or through our marketing and sales activities. This Notice does not apply to Personal Information made available through Customer Data processed that we process as a “Service Provider”, which is governed by our Data Processing Agreement and other applicable contractual provisions. Personal Information relating to candidates and employees who are California residents is governed by internal company policies, as well as our Candidate Data Privacy Notice.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

(A) CATEGORIES OF PERSONAL INFORMATION WE COLLECT & DISCLOSURE OF PERSONAL INFORMATION FOR BUSINESS PURPOSE

We collect Personal Information which is defined under the CCPA refers to as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.

Personal Information further includes Sensitive Personal Information (“SPI”) as detailed in the table below.

However, Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

We may disclose your Personal Information to contractors or service providers for Business Purposes (as defined under the CCPA). When we share Personal Information for a Business Purpose, we establish contractual terms that describe the purpose and require the recipient to maintain confidentiality of that Personal Information and refrain from using it for any purpose except performing the contract. We additionally prohibit the contractor and service provider from selling or sharing your Personal Information.

Within the past twelve (12) months, ScyllaDB has collected the categories of Personal Information listed below and has shared them for a Business Purpose with the categories of recipients identified in the table below:

Categories of Personal InformationCollectedCategories of third-party recipients to whom we disclose Personal Information for business purpose
A. Identifiers.

Yes.

For example: real name, alias, unique personal identifier, Internet Protocol (IP) address, email address, account name.

  • Service providers.
  • Advertisers and Social Networks.
  • Affiliated Companies.
  • Legal Authorities.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Yes.

For example: name, telephone number, bank account and other payment information (for B2B).

  • Service Providers (Salesforce, CRM, hosting providers, cloud and SaaS providers).
F. Internet or other similar network activity.

Yes.

For example: Prospect’s interaction with our website and Authorized Users’ (as defined in the Privacy Policy) interaction with the Services.

  • Service providers.
  • Advertisers and Social Networks.
  • Affiliated Companies.
  • Legal Authorities.
G. Geolocation data.

Yes.

For example: approximate location derived from IP address.

  • Service providers.
  • Advertisers and Social Networks.
  • Affiliated Companies.
  • Legal Authorities.
H. Sensory data.

Yes.

Audio as part of call recordings with our sales representatives.

  • Service providers.
(B) CATEGORIES OF SOURCES OF PERSONAL INFORMATION Depending on the nature of your interaction with us, we may collect information as follows:
  • Information you provide directly to us: For example, when you create an account or when you communicate or correspond with us.
  • Information we collect automatically: For example, we automatically collect online identifiers and usage data, including analytics data, and we may use third-party measurement and marketing tools to do so.
  • Information we receive from third-parties: For example, third-party analytics providers and third-party aggregators that provide contact and business information for marketing and sales promotions.
(C) USE OF PERSONAL INFORMATION We may use the Personal Information described above for the following purposes:
  • To fulfill the purpose for which you provided the Personal Information (for example, to provide the free trial or Services, provide customer support, or respond to your inquiries).
  • To monitor, maintain, and improve our Services;
  • To provide, operate, and administer the Services;
  • To analyze our Services and your use of the Services and website;
  • To evaluate or carry out a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or a similar proceeding;
  • To respond to law enforcement requests and as otherwise required or permitted by applicable law, or as otherwise described in our Privacy Policy.
We will not collect additional categories of personal information, or use the Personal Information we collected, for materially different, unrelated, or incompatible purposes without providing you with notice.

(D) SALE OR SHARE OF PERSONAL INFORMATION

We do not “Sell” Personal Information as most people would commonly understand that term, and we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.

For retargeting and analytic purposes, when we promote our Services, we use third-party tools that are able to market our Services online, measure these marketing efforts, identify individuals that are interested in our Services, etc. this is done by placing cookies, pixel or other tracking technology on our website and sharing with these vendors the online identifiers and online behavior information. The CCPA defines “sharing” as “communicating orally, in writing, or by electronic or other means, a consumer’s personal information” to “a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration.” In other words, we may share your Personal Information with a third party to help promote our Services and understand your use it.

Below we detail the categories of Personal Information that we “Sell” or “Share” in the preceding twelve (12) months for a Business Purpose (as defined under the CCPA):

Category of Personal Information
(corresponding with the table above)
Categories of third-party recipientsPurpose of Sale or Share

Category A

Category G

Category F

Marketing tools and vendors.Targeted advertising, cross-contextual behavioral advertising (“CCBA”), promoting the Services, analytics and security services.

(E) CHILDREN

Our Services are not intended for use by children, and we do not collect or maintain information about anyone who is considered to be a child. please contact us at: privacy@scylladb.com if you have reason to believe that a child has shared any information with us.

(F) DATA RETENTION

In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt out, where applicable.

The retention periods are determined according to the following criteria:

  1. For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed.
    For example: if you contact us, we will retain your contact information at least until we will address your inquiry.
  2. To comply with our regulatory obligations.
    For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
  3. To resolve a claim, we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM

(G) YOUR RIGHTS UNDER THE CCPA

If you are a California resident, you may exercise certain privacy rights relating to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law, by completing our DSR form and contacting us at dpo@scylladb.com. We may limit our response to your request as permitted under applicable law, as further described herein and in our DSR form.

California Privacy Right Details
The right to know what Personal Information ScyllaDB has collected about you and access right.You have the right to know what Personal Information ScyllaDB has collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom ScyllaDB discloses Personal Information, and the specific pieces of Personal Information that ScyllaDB has collected about you.
Deletion Rights.You have the right to delete Personal Information that ScyllaDB has collected from you, subject to certain exceptions.
Correct Inaccurate Information.You have the right to correct inaccurate Personal Information that ScyllaDB maintains about a consumer.
Rights related to sharing for Cross-Contextual Behavioral Advertising and sale of Personal Information.You have the right to opt-out of the “sharing” of your Personal Information for “cross-contextual behavioral advertising” (often referred to as “interest-based advertising” or “targeted advertising”) or the sale or sharing of your Personal Information as set forth above.
Limit the use or disclosure of SPI.Under certain circumstances, if ScyllaDB uses or discloses SPI, you have the right to limit the use or disclosure of SPI by ScyllaDB.
Opt-Out of the use of Automated Decision Making.In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information, where applicable.
Non-Discrimination.You have the right not to receive discriminatory treatment by ScyllaDB for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data Portability.You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

(H) HOW CAN YOU EXERCISE THE RIGHTS?

You may exercise your rights by completing our DSR form and contacting us at dpo@scylladb.com. The instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer must provide are all detailed in the form.

Note, certain rights can be done by you independently without submitting a formal request. For example, depending on your interaction with us:

  • you can opt-out from receiving emails from us by clicking the “unsubscribe” link or using other opt-out options provided in the marketing communications we send; and
  • you can access, correct, or delete information available in your account, through your account settings; and
  • You can opt out of selling or sharing at any time by using the cookie settings tool or the “Do Not Sell or Share my Personal Information” button available on our website. Additionally, if you prefer not to receive interest-based advertisements, you can restrict the collection of certain information through your device and browser settings or by using the Global Privacy Control (“GPC”) signals.

(I) NOTICE OF FINANCIAL INCENTIVE

We do not offer financial incentives to Consumers for providing Personal Information.

(J) AUTHORIZED AGENTS

You can designate an authorized agent to submit requests on your behalf via the methods above. However, we will require written proof of the agent’s permission to do so and verify your identity directly. We will not verify your identity if the agent provides the power of attorney documentation.

(K) CONTACT US

By email: privacy@scylladb.com

By mail:

ScyllaDB Ltd.  To: Maskit 4, Building C, Herzliya 4673304, Israel

ScyllaDB Inc. To: ScyllaDB, Inc 800 W El Camino Real #180 Mountain View, CA 94040

(L) UPDATES:

This notice was last updated on February 3, 2026. As required under the CCPA, we will update the CCPA Notice every 12 months. The last revision date will be reflected in the “Last Modified” heading at the top of this CCPA Notice.

PART III: OTHER CALIFORNIA OBLIGATIONS

California Direct Marketing Requests: California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please complete our DSR form and contact us at dpo@scylladb.com.

Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: https://www.eff.org/issues/do-not-track.