Privacy Policy

This privacy policy (“Policy”) informs you of our practices when handling your Personal Information through the Services (both as defined below). In this Policy, “Scribed AI”, “we” or “us” refers to Q6 Technology Holdings, Inc d/b/a Scribed AI, a company registered in Delaware with its registered address located at 2261 Market St Ste 22871, San Francisco, CA 94114. We are the data controller under the applicable privacy laws.

Where we have a Scribed Business or enterprise service agreement in place with an enterprise customer who is asking you to use our Services (for example your employer), we obtain and process your Personal Information on behalf of and at the instructions of that customer. In that context, such enterprise customers are the data controllers and their privacy policies will apply to the processing of your Information. We encourage you to read their privacy policies.

For the purpose of this Policy, “Personal Information” means any information relating to an identified or identifiable individual. This includes Personal Information you provide or generate when you use: (a) Our Scribed AI platform, including the web application, mobile applications, browser extensions, and developer APIs (the “App”); and (b) https://scribed.ai, and any other dedicated Scribed AI websites (the “Website”) (collectively, the “Services”). When you use the Services, you accept and understand that we collect, process, use, and store your Personal Information as described in this Policy.

If you are a California resident, our Privacy Notice for California Residents includes additional information about your rights and how we collect, use, and share information.

If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future you must stop using the Services and you may exercise your rights concerning your Personal Information as set out in this Policy.

1. INFORMATION WE COLLECT

We will collect and use the following Personal Information about you:

Information you provide to us

Registration Information. When you create an account on our Services, you will be asked to provide your name, email, and a password, you may voluntarily add a profile picture. For Pro or Business plans which are paid Services, our payment processing partner Stripe, Inc. may also collect your name, billing address, and payment information. Payment information is not shared with us and is maintained by Stripe.

App Information. When you use the Services, you may provide us with your audio recordings (“Audio Recordings”), automatic screenshots and any text, images or videos that you upload or provide to us in the context of the Services. Screenshots may be taken automatically during virtual meetings to add value by extracting useful visual information.

Communication Information. When you contact us, you provide us with your phone number, email, and any other information you choose to provide over such communication, including information about your query.

Phone Number & SMS Consent. When you provide your phone number through our booking pages, lead capture forms, or other website forms and check the SMS consent checkbox, we collect your phone number and record of consent for the purpose of sending you text messages including appointment confirmations, booking reminders, and follow-up communications. Your phone number is stored securely and used only to facilitate the communications you have consented to receive. Your mobile phone number will not be shared with or sold to third parties for marketing or promotional purposes.

Telephony Data. When you use our cloud telephony features, we collect phone numbers you purchase or provision through the Service, call logs and metadata (including caller and callee phone numbers, call duration, timestamps, and call direction), call recordings and voicemails, call forwarding configurations, and call quality metrics. Telephony services are provided through our integration with Twilio.

CRM and Contact Data. When you use our contact management and CRM features, we collect contact records you create or import (including names, email addresses, phone numbers, company names, job titles, and tags), data imported via CSV files, contact notes and interaction history, contact distribution and assignment records, and analytics related to your contact management activities.

Booking and Scheduling Data. When you use our booking and scheduling features, we collect event types and availability settings you configure, booking details and confirmations, RSVP responses, custom form responses submitted by invitees through your public booking pages, and calendar integration data.

Organizational Chat Data. When you use our team messaging features, we collect messages you send in channels and threads, typing indicators and read receipts, and task assignments and status updates created within the chat interface.

File and Drive Data. When you use our file storage and management features (Drive), we collect files you upload, file metadata (including names, sizes, types, and upload timestamps), generated thumbnails and previews, and semantic search embeddings generated from your file content for search functionality.

Project Data. When you use our project management features, we collect project details, tasks, milestones, timelines, activity logs, and any associated notes or attachments.

Email Data. When you use our email template and AI email generation features, we collect email templates you create or modify, AI-generated email content, and email sending history and recipient information.

AI Interaction Data. When you use our AI-powered features (including AI chat, AI summaries, AI agent calls, and AI email generation), we collect the prompts and inputs you provide, the AI-generated responses and outputs, and your context preferences and interaction history with AI features.

API Usage Data. If you use our developer API (including the Inbound Leads API), we collect API keys you generate, API request logs (including timestamps, endpoints accessed, and response codes), and any data submitted through API requests such as inbound lead information.

Browser Extension Data. If you use our browser extension, we collect extension usage data, live recording data captured through the extension, and extension configuration preferences.

Information you provide us about others

If you choose to collaborate on a task with your co-workers or friends, or refer us to them, you provide us with the email address and contact information of your co-workers or friends.

If you import contacts into our CRM, provide contact information through our booking or scheduling features, or use our telephony features to call third parties, you provide us with Personal Information about those individuals. You represent and warrant that you have the necessary permissions and lawful basis to share such information with us.

If you provide an Audio Recording (whether from a meeting, phone call, or AI agent call), this may contain the Personal Information of third parties. Before you do so, please make sure you have the necessary permissions from your co-workers, friends or other third parties before sharing Personal Information or referring them to us.

Information we automatically collect or is generated about you when you use the Services

Usage Information: When you use the Services, you generate information pertaining to your use, including timestamps, such as access, record, share, edit and delete events, app use information, screenshots/screen captures taken during the meeting, interactions with our team, transaction records, telephony usage metrics, AI feature usage, and file storage activity.

Device Information: We assign a unique user identifier (“UUID”) to each mobile device that accesses the Services. When you use our Services, you provide information such as your IP address, UUIDs, device IDs, web beacons and other device information (such as carrier type, whether you access our Service from a desktop or mobile platform, device model, brand, web browser and operating system).

Cookies: We use Cookies and other similar technologies (“Cookies”) to enhance your experience when using the Service. For more information about our Cookies policy, see HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES below.

Location Information: When you use the Services, we receive your approximate location information. For example, we infer your approximate location by using your IP address.

Information received from third parties

Information we receive from third party platforms: When you connect third party platforms, apps or providers (such as Google Calendar, iCal or other calendar programs, Google Contacts, Zoom, Pipedrive, GitHub, Vercel, or Asana) to our Services, or when you register through a third party account (such as Google or Microsoft), we receive Personal Information that includes your username, profile picture, email address, time, location, calendar information, contact information from such third parties and any information you choose to upload to such third party platforms (“Platform Information”). The specific data received depends on the integration:

• Pipedrive: Contact records, deal information, lead data, and activity history you authorize us to sync.
• GitHub: Repository information, commit history, and project tracking data from repositories you connect.
• Vercel: Deployment status, project information, and build logs from projects you connect.
• Asana: Project data, task information, and team activity from workspaces you connect.

Information from platforms our Services relies on: We receive transaction information from our payment processor Stripe.

Newsletter and Marketing Data. If you sign up for our newsletter or register for a webinar, we collect your name, email address, and any additional information you provide during registration.

Other third parties. We may receive additional information about you, such as demographic or interest attributes from third parties such as data or marketing partners and combine it with other information we have about you.

We also collect, and use aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.

2. HOW WE USE YOUR PERSONAL INFORMATION

We use your Personal Information to:

Set up your account. We use your registration information, device information and information received from third parties (such as your username, email address) in order to set up an account for you to use our Services. We do so in accordance with our contractual and precontractual obligations to you in order to provide you with an account to use the Services.

Provide you with the Services. We use your audio recordings, telephony data, CRM and contact data, chat messages, file uploads, project data, booking data, email data, AI interaction data, usage information and platform information in order to provide you with the Services. This includes processing call recordings and voicemails, generating transcriptions and AI-powered summaries, facilitating contact management and communications, enabling file storage and semantic search, powering scheduling and booking features, and delivering AI-generated content. In addition, we use your communication information to facilitate support (e.g. retrieval of a forgotten password). We do so in accordance with our contractual obligations to you in order to provide you with the Services.

Process telephony services. We use your telephony data to provision and manage phone numbers, route and complete inbound and outbound calls, store call recordings and voicemails, generate call transcriptions, and provide call analytics and metrics. Call data may be processed by our telephony provider Twilio and, where AI agent calls are involved, by our AI voice provider VAPI.

Deliver AI-powered features. We use your AI interaction data, along with relevant context from your other data (such as transcriptions, notes, contacts, and files), to power AI chat, generate summaries, create email drafts, conduct AI agent calls, and provide other AI-assisted functionality. This data may be sent to third-party AI service providers including OpenAI for processing.

Improve and monitor the Services. We use information we automatically collect or generate about you when you use the Services, as well as information about your device such as device manufacturer, model and operating system, and the amount of free space on your device, to analyze the use of and improve our Services. We train our proprietary artificial intelligence technology on de-identified audio recordings. We also train our technology on transcriptions to provide more accurate services, which may contain Personal Information. We obtain explicit permission (e.g. when you rate the transcript quality and check the box to give Scribed AI and its third-party service provider(s) permission to access the conversation for training and product improvement purposes) for manual review of specific audio recordings to further refine our model training data.

Communicate with you. If you contact us, we will use your contact information to communicate with you and, if applicable, your usage information to support your use of the Services.

Send you newsletters about product news or updates that may be of interest to you. We will send you emails with news or updates pertaining to our Services. When doing so, we process your email address, name and may process your usage information. Your consent can be withdrawn at any time by following the unsubscribe mechanism at the bottom of each communication.

Prevent fraud, defend Scribed AI against legal claims or disputes, enforce our terms and to comply with our legal obligations. It is in our legitimate interest to protect our interests by (1) monitoring the use of the Services to detect fraud or any other user behavior which prejudices the integrity of our Services, including monitoring telephony usage for compliance with applicable calling regulations, (2) taking steps to remedy aforementioned fraud and behavior, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Personal Information relevant in such a case, including information you provide us, information we automatically collect about you, and information which is provided to us by third parties.

Create de-identified and aggregated datasets. We use your Personal Information, User Content, and Usage Data to create de-identified, aggregated, and anonymized datasets (“Derived Data”) that do not identify you individually. We use Derived Data for internal analytics, product development, benchmarking, and research purposes.

Commercialize and license data. We may license, sell, or otherwise make Derived Data available to third parties for lawful commercial purposes, including AI model training, market research, analytics products, and academic research. Derived Data shared with third parties will have been de-identified using commercially reasonable techniques consistent with applicable law. We do not sell Personal Information that directly identifies you without your explicit consent, except as otherwise permitted under applicable law. For more details, see Section 7A (Data Monetization and Commercial Use).

Train and improve AI systems. We use your User Content, including transcriptions, recordings, files, and other data, to train, fine-tune, validate, and improve Scribed AI's proprietary AI models and algorithms, as well as to develop new AI-powered products, features, and services. Data may also be shared with third-party AI providers for processing as described in Section 7.

3. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES

We and our third party partners use Cookies, pixel tags, and similar technologies to collect information about your browsing activities and to distinguish you from other users of our Services in order to aid your experience and measure and improve our advertising effectiveness.

Cookies are small files of letters and numbers that we store on your browser or on your device. They contain information that is transferred to your device.

We use Cookies to collect information about your browsing activities and to distinguish you from other users of our Services in order to aid your experience.

We use the following types of Cookies and similar technologies:

Strictly necessary Cookies: Some Cookies are strictly necessary to make our Services available to you; for example, to provide login functionality, user authentication and security. We cannot provide you with the Services without this type of Cookie.

Functional Cookies: These are used to recognize you when you return to our Website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language).

Analytical, performance, or advertising Cookies: We also use Cookies and similar technologies for analytics purposes in order to operate, maintain, and improve our Services and measure and improve our advertising effectiveness. We use third party analytics providers, including Google Analytics and Amplitude, to help us understand how users engage with us. We also use third party advertising partners, including Facebook, to deliver ads to you on other sites. Google Analytics uses first-party Cookies to track user interactions which helps show how users use our Service and Website. This information is used to compile reports and to help us improve our Service and Website. Such reports disclose Website trends without identifying individual visitors. You can opt out of Google Analytics by going to https://tools.google.com/dlpage/gaoptout or via Google's Ads settings.

You can block Cookies by setting your internet browser to block some or all or Cookies. However, if you use your browser settings to block all Cookies (including strictly necessary Cookies) you may not be able to use our Services.

4. WITH WHOM WE SHARE YOUR PERSONAL INFORMATION

Third party services are not owned or controlled by Scribed AI and third parties may have their own policies and practices for collection, use and sharing of information. Please refer to third party privacy and security policies for more information before using such services. Third parties include vendors and service providers we rely on for the provision of the Services. We share your Personal Information with selected third parties, including:

• Other users who see your Personal Information (such as your username and email) and any other information you choose to share with them through the Services.
• Firebase / Google Cloud — We use Google Firebase and Google Cloud Platform for database services, cloud storage, user authentication, and cloud functions that power core Service functionality. Firebase is based in the United States.
• Amazon Web Services (AWS) — Cloud service provider we rely on for compute and data storage, based in the United States.
• Twilio — Telephony and communications provider that powers our cloud calling features, including phone number provisioning, inbound/outbound calls, call recording, and SMS. Twilio is based in the United States. More information: https://www.twilio.com/legal/privacy.
• VAPI — AI voice agent provider that powers automated AI-driven outbound calls made through the Service. VAPI is based in the United States.
• OpenAI — Artificial intelligence service provider that powers AI chat, transcription processing, embedding generation, content summarization, email generation, and other AI features of the Service. OpenAI is based in the United States. More information: https://openai.com/privacy.
• Weaviate — Vector database provider that powers semantic search functionality across your files, transcriptions, and other content stored in the Service. Weaviate processes embeddings derived from your content.
• ElevenLabs — Text-to-speech provider that powers voice synthesis features of the Service. ElevenLabs processes text content you submit for speech generation.
• Recall.ai — Meeting bot provider that enables automated meeting recording by deploying bots to Zoom, Google Meet, and Microsoft Teams meetings on your behalf. Recall.ai processes meeting audio and video data.
• Resend — Email delivery provider that powers transactional and notification emails sent by the Service, including booking confirmations, sharing notifications, and other operational communications.
• CloudConvert — File conversion provider used to process and convert files uploaded to the Service into supported formats.
• RunPod — GPU compute provider used for audio transcription processing. RunPod processes audio data to generate transcriptions.
• Platform support providers who help us manage and monitor the Services, including Amplitude, which is based in the U.S. and provides user event data for our Services.
• Data labeling service providers who provide annotation services and use the data we share to create training and evaluation data for Scribed's product features.
• Mobile advertising tracking providers who help us measure our advertising effectiveness.
• Analytics providers who provide analytics, segmentation and mobile measurement services and help us understand our user base. We work with a number of analytics providers, including Google LLC, which is based in the U.S. You can learn about Google's practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
• Advertising Partners: We work with third party advertising partners to show you ads that we think may interest you. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/) or the Digital Advertising Alliance (http://optout.aboutads.info/). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
• Pipedrive, GitHub, Vercel, Asana — When you authorize integrations with these third-party services, we share and receive data as necessary to provide the integration functionality you have enabled. Data shared with these services is governed by their respective privacy policies.
• Payment processors, such as Stripe. These payment processors are responsible for the processing of your Personal Information, and may use your Personal Information for their own purposes in accordance with their privacy policies. More information is available here: https://stripe.com/privacy.
• Law enforcement agencies, public authorities or other judicial bodies and organizations. We disclose Personal Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection).
• Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your Personal Information as part of that transaction.
• Data Licensing and Commercial Partners. We may license, sell, or share de-identified, aggregated, or anonymized data (Derived Data) with third parties for commercial purposes, including AI/ML companies for model training, data analytics firms, market research organizations, enterprise customers, academic institutions, and other commercial partners. Derived Data shared in this manner does not directly identify individual users and has been processed using commercially reasonable de-identification techniques. For the purposes of the California Consumer Privacy Act (CCPA), the sharing of de-identified data that meets the CCPA's de-identification standards does not constitute a “sale” of personal information. However, to the extent any data sharing may constitute a “sale” or “sharing” under the CCPA or similar state laws, you may exercise your right to opt out as described in Section 9 of this Policy and Section 8.6 of our Terms of Service.
• AI Model Training Partners. We may share User Content, including transcriptions and recordings, with AI research organizations and model training partners for the purpose of training, improving, and developing AI systems. When sharing data for AI training purposes, we use commercially reasonable efforts to de-identify such data; however, certain data (such as voice recordings and transcription text) may contain information that is inherently difficult to fully de-identify.

5. HOW LONG WE STORE YOUR INFORMATION

Scribed AI stores all Personal Information for as long as necessary to fulfill the purposes set out in this Policy, or for as long as we are required to do so by law or in order to comply with a regulatory obligation. When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.

Call Recordings. Call recordings made through our telephony features are retained for the duration of your active account unless you delete them earlier. Upon account termination, call recordings are deleted in accordance with our standard data retention schedule. You may delete individual call recordings at any time through the Service.

AI Processing Data. Data sent to third-party AI providers (such as OpenAI) for processing is subject to the data retention policies of those providers. Scribed AI does not control the retention practices of third-party AI providers once data has been transmitted for processing, though we select providers that commit to appropriate data handling practices.

6. TELEPHONY-SPECIFIC PRIVACY DISCLOSURES

Our cloud telephony features enable you to make and receive phone calls, purchase and provision phone numbers, record calls, and deploy AI voice agents. The following additional disclosures apply to your use of these features:

Call Data Collection. When you use our telephony features, we collect and process call metadata (including phone numbers of all parties, call duration, timestamps, and call direction), call recordings (when recording is enabled by you), voicemails, and call quality metrics. This data is processed by our telephony provider Twilio and stored on our servers.

Call Recording Storage. Call recordings are stored securely and are accessible only to authorized users within your account or organization. Recordings are encrypted at rest and in transit. You are solely responsible for ensuring that you have obtained all necessary consents before recording any call, in compliance with applicable federal and state laws (including one-party and all-party consent jurisdictions).

AI Agent Calls. When you use AI agent calling features, the content of the conversation is processed by our AI voice provider (VAPI) and our AI processing provider (OpenAI) in real time to generate responses. Conversation content may be temporarily stored by these providers for the duration of the call and for a limited period thereafter in accordance with their data retention policies.

Phone Number Privacy. Phone numbers you purchase through the Service are provisioned through Twilio and are subject to Twilio's privacy practices. Your purchased phone numbers may be visible to individuals you call or who call you, unless you configure caller ID settings otherwise.

7. AI DATA PROCESSING

Scribed AI uses artificial intelligence extensively to power features of the Service, including third-party large language models (LLMs) and other AI systems. This section describes how your data is processed in connection with AI features and the risks associated with such processing.

Data Sent to AI Providers. When you use AI-powered features (including AI chat, meeting summaries, email generation, AI agent calls, and semantic search), relevant portions of your data are transmitted to third-party AI service providers, primarily OpenAI, for processing by large language models and other AI systems. The data sent may include transcription text, chat messages, contact information, file content, voice recordings, and other contextual data necessary to generate the requested AI output. You acknowledge that this data transmission is fundamental to the operation of the Service and that you cannot use AI-powered features without such transmission.

AI Provider Data Handling. While we seek to select AI providers that offer appropriate data handling commitments, you acknowledge that: (a) once data is transmitted to third-party AI providers, Scribed AI has limited control over how such data is processed, stored, cached, or retained by those providers; (b) AI providers may store your data temporarily or for extended periods for processing, caching, abuse monitoring, safety reviews, and compliance purposes; (c) AI provider policies and practices may change over time; and (d) the data handling practices of third-party AI providers are governed by their own terms and privacy policies, not this Policy. We encourage you to review the privacy policies of our AI providers, including OpenAI (https://openai.com/privacy).

Embeddings and Vector Data. To power semantic search across your files, transcriptions, and other content, we generate mathematical representations of your content (known as “embeddings”) using AI models. These embeddings are stored in our vector database provider (Weaviate) and are used to provide search functionality within your account. Embeddings are mathematical representations that may also be used for analytics, product improvement, and the development of Derived Data products.

AI Output Accuracy. AI-generated content (including summaries, email drafts, chat responses, and AI agent conversations) may contain inaccuracies, errors, fabrications, biases, or inappropriate content. Scribed AI does not guarantee the accuracy, completeness, or reliability of any AI-generated output. You are solely responsible for reviewing, verifying, and validating all AI-generated content before use, distribution, or reliance. Scribed AI shall not be liable for any damages, losses, or consequences arising from reliance on AI-generated content.

AI Processing for Data Commercialization. In addition to providing the Service, your data may be used through AI processing to create Derived Data products, train proprietary AI models, and generate insights that may be commercialized as described in Section 7A and our Terms of Service (Section 8.6).

7A. DATA MONETIZATION AND COMMERCIAL USE

This section provides detailed information about how Scribed AI monetizes and commercially uses data collected through the Service. Please read this section carefully.

Types of Data Subject to Commercialization. Scribed AI may commercially use the following categories of data:

• De-Identified Data: Personal Information that has been processed to remove or obscure direct identifiers (such as names, email addresses, and phone numbers) using commercially reasonable de-identification techniques.
• Aggregated Data: Data that has been combined across multiple users to produce statistical, demographic, or trend-based datasets that do not identify individual users.
• Derived Data: New data products created by analyzing, transforming, or processing User Content and Usage Data, including AI model outputs, embeddings, analytics, insights, and benchmarks.
• Usage Patterns and Analytics: Aggregated information about how users interact with the Service, including feature usage statistics, engagement metrics, and behavioral patterns.
• AI Training Data: User Content (including transcriptions, recordings, and text) that is used to train, fine-tune, or improve AI models, which may be shared with or licensed to AI training partners.

How Data May Be Commercialized. Scribed AI may commercialize data in the following ways:

• Licensing de-identified or aggregated datasets to third-party businesses, researchers, and data brokers;
• Selling aggregated analytics, insights, and benchmark reports to enterprise customers;
• Providing de-identified data to AI/ML companies for model training and development;
• Sharing aggregated usage data with advertising and marketing partners;
• Licensing Derived Data products to academic and research institutions;
• Using data to develop and license proprietary AI models and technology; and
• Any other lawful commercial use of de-identified, aggregated, or Derived Data.

Compliance Framework. When monetizing or commercially using data, Scribed AI commits to the following compliance standards:

• CCPA Compliance: To the extent any data sharing constitutes a “sale” or “sharing” of personal information under the California Consumer Privacy Act (CCPA), Scribed AI will honor consumer opt-out requests submitted through the mechanisms described in Section 9. We do not knowingly sell the personal information of consumers under the age of 16.
• GDPR Compliance: For data subjects in the European Economic Area (EEA) and United Kingdom, data commercialization activities are conducted on the basis of legitimate interest (where applicable) or consent. You may exercise your rights under GDPR, including the right to object to processing based on legitimate interest, as described in Section 9.
• De-Identification Standards: Scribed AI uses commercially reasonable de-identification techniques, including removal of direct identifiers, generalization of quasi-identifiers, and application of statistical techniques to reduce re-identification risk. However, no de-identification method is guaranteed to be irreversible, and there is a residual risk that de-identified data could be re-identified through combination with other data sources.
• Contractual Protections: When sharing data with third parties, Scribed AI requires contractual provisions prohibiting the recipient from attempting to re-identify de-identified data and requiring the recipient to maintain appropriate security measures.

Your Choices. You have the following choices regarding data commercialization:

• Opt-Out of Sale/Sharing (CCPA): California residents may opt out of the sale or sharing of their personal information by contacting us at support@scribed.ai.
• Right to Object (GDPR): EEA and UK residents may object to data processing based on legitimate interest by contacting us at support@scribed.ai.
• Account Deletion: You may request deletion of your account and Personal Information as described in Section 9. Please note that de-identified, aggregated, or Derived Data created prior to your deletion request may be retained, as it no longer constitutes Personal Information.
• Do Not Use the Service: If you do not agree with our data commercialization practices, you should not use the Service.

No Compensation. You acknowledge that you will not receive any compensation, royalties, revenue sharing, or other payment in connection with Scribed AI's commercialization of data derived from your use of the Service, except as may be separately agreed in writing.

8. NEWSLETTER AND MARKETING COMMUNICATIONS

Newsletter Signups. If you subscribe to our newsletter or register for a webinar, we collect your name and email address. We use this information to send you the communications you have requested, as well as occasional updates about our products and services.

Opt-Out. You may unsubscribe from marketing communications at any time by clicking the “unsubscribe” link at the bottom of any marketing email, or by contacting us at support@scribed.ai. Please note that even if you opt out of marketing communications, we may still send you transactional and operational emails related to your use of the Service (such as account confirmations, security alerts, and billing notifications).

CAN-SPAM Compliance. We comply with the CAN-SPAM Act and similar anti-spam legislation. All marketing emails include our physical address, a clear identification of the message as an advertisement (where applicable), and a functioning unsubscribe mechanism.

9. YOUR RIGHTS

In certain circumstances you have the following rights in relation to your Personal Information that we hold.

Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.

Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.

Erasure. You have the right to request for your Personal Information to be erased or deleted.

Object to processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.

Restrict processing. You have a right in certain circumstances to stop us from processing your Personal Information other than for storage purposes.

Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.

Withdraw consent. You have the right to withdraw any consent you previously applied to us. We will apply your preferences going forward, and this will not affect the lawfulness of processing before your consent was given.

Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may require additional information (for example, why you believe the information we hold about you is inaccurate or incomplete) and may have valid legal reasons to refuse your request. We will inform you if that is the case. For more information on how to exercise your rights, or to exercise your rights, please email support@scribed.ai.

If you are a California resident, California law affords you certain rights regarding our collection and use of your personal information.

10. DATA PRIVACY FRAMEWORK PRINCIPLES

Scribed AI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.

11. CHILDREN

The Service and Website are not targeted at children, and we do not knowingly collect Personal Information from children under the age of 13. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.

12. CONTACT & COMPLAINTS

For inquiries or complaints regarding this Policy, please first contact us at support@scribed.ai and we will endeavor to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority.

If you are based in the EEA or the UK, you may also make a complaint to either the Irish Data Protection Commission (on +353 578 684 800 or via https://forms.dataprotection.ie/contact) or the UK's ICO (on +44 303 123 1113 or via https://ico.org.uk/make-a-complaint/), or to the supervisory authority where you are located.

13. DATA SECURITY

Scribed AI maintains and implements physical, administrative, and technical safeguards to protect the confidentiality, integrity, and availability of personal information. This includes encryption of data at rest and in transit, access controls, and regular security assessments. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.

The Website and Service may provide features or links to websites and services provided by third parties. Any information you provide on Apps, third-party websites or services is provided directly to the operators of such websites or services and is subject to their policies governing privacy and security, even if accessed via our Website or in connection with our Service.

14. CROSS-BORDER DATA TRANSFERS

To facilitate our global operations, Scribed AI may transfer, store and process your operations with our partners and service providers based outside of the country in which you are based. Laws in those countries may differ from the laws applicable to your country of residence. Where we transfer, store and process your Personal Information outside of the EEA or the UK we will ensure that the appropriate safeguards are in place to ensure an adequate level of protection such as through acceding to the Standard Contractual Clauses. Further details regarding the relevant safeguards can be obtained from us on request.

15. CHANGES

Where required, we will update this Policy from time to time. When we do so, we will make it available on this page and indicate the date of the latest revision. Please check this page frequently to see any updates or changes to this Policy.

16. ABOUT US

If you have any questions, comments or concerns about our Privacy Policy, you may contact us by email at support@scribed.ai attn: Privacy Officer or by mail to: