Privacy Policy

Effective Date: Sep 23, 2025

1. Introduction

This Policy explains how Call Scribe ("we") collects and uses personal data when you visit callscribeai.com or use our call capture, transcription, and LLM analysis services ("Service"). By using the Service, you agree to this Policy and our Terms.

2. Roles

• Customer content (audio, transcripts, analyses): we act as processor for your organization. A DPA is available.
• Site, account, and billing data: we act as controller.

3. Data We Collect

• a) Account and billing: name, email, password hashes, workspace settings, plan, payment details via our payment processor.
• b) Service content: call audio, uploads, transcripts, summaries, labels, prompts, and outputs you create.
• c) Metadata: caller/participant identifiers, timestamps, duration, device, IP, approximate location, file hashes.
• d) Usage and diagnostics: events, logs, crash reports.
• e) Cookies and similar tech: for authentication, preferences, analytics, and fraud prevention. See our Cookie Policy.

4. Sources

• You and your users upload or record calls.
• Authorized integrations you connect.
• Automatically from your device and our systems.

5. How We Use Data

• Provide, transcribe, analyze, and deliver the Service.
• Maintain security, prevent abuse, and troubleshoot.
• Improve quality and reliability, including model prompting and evaluation for your workspace.
• Communicate about the Service and important changes.
• Comply with law.

6. AI and Model Use

We send audio and/or text to transcription vendors and LLM providers to generate outputs.
We do not allow training of foundation models on your Customer Content without your explicit opt-in. Providers may process data for safety, abuse prevention, and service delivery.

7. Legal Bases (EEA/UK)

We rely on contract performance, legitimate interests (security, improvement), legal obligation, and consent where required.

8. Your Responsibilities and Consent

You must follow call-recording and privacy laws and obtain required consent from all participants before recording or uploading content.

9. Sharing

We share personal data with:

• Sub-processors: cloud hosting, storage, transcription, redaction, LLMs, email, analytics, payments.
• Professional advisors and legal authorities where required.
• Buyers in a change of control, under safeguards.

We do not sell personal information.

10. International Transfers

We may transfer data internationally. Where required, we use SCCs/IDTA and other safeguards.

11. Security

We use industry-standard measures, including encryption in transit and at rest, access controls, and logging. No system is perfectly secure.

12. Data Retention and Deletion

• By default we retain audio, transcripts, and analysis for up to 30 days for debugging and analytics, then delete automatically.
• You may request earlier deletion.
• Residual backups may persist for a limited period.

13. Your Choices

• You may access, export, correct, or delete your data.
• You may manage cookies and preferences.
• You may opt out of non-essential processing where required.

14. Data Subject Rights

You have rights under applicable law to access, correct, delete, or restrict your data.
You may object to certain processing or withdraw consent where applicable.

15. Children

Our Service is not intended for children under 13. We do not knowingly collect personal data from children.

16. Changes

We may update this policy. We will notify you by posting the new effective date.

17. Contact