Privacy Policy  
Effective Date: December 1, 2025  
Scud Networks (“Scud Networks”, “we”, “our”, or “us”) respects your privacy and is  
committed to protecting it through this Privacy Policy. This Privacy Policy describes how we  
collect, use, disclose, and safeguard information when you use our software-as-a-service  
communications platform, including our mobile application available on the Google Play Store  
and any related websites, applications, and services (collectively, the “Service”).  
By accessing or using the Service, you agree to the practices described in this Privacy Policy.  
1. Information We Collect  
Scud Networks is established in the European Union (Estonia) and processes personal data in  
accordance with the General Data Protection Regulation (GDPR) and applicable Estonian  
data protection laws.  
1.1 Information You Provide Directly  
We may collect information that you voluntarily provide, including:  
Name, company name, job title  
Email address and phone number  
Account credentials  
Billing and subscription information  
Support requests and communications  
Any content you transmit through the Service where applicable (e.g., voice metadata, call  
logs, or messages, depending on configuration)  
1.2 Information Collected Automatically  
When you use the Service, we may automatically collect:  
Device information (device model, operating system, unique device identifiers)  
App version and usage data  
IP address and approximate location (country or region)  
Log data, diagnostics, and crash reports  
1.3 Audio and Communication Data  
If enabled by your organization, the Service may process and store:  
Voice communications and call recordings  
Call metadata (time, duration, participants, device identifiers)  
Transcriptions, translations, sentiment analysis, or AI-generated summaries  
Recordings and related data may be stored to provide Service functionality, quality assurance,  
compliance, training, or customer-requested features. Audio and communication data is  
processed solely to provide the Service and is not used for advertising.  
2. Roles and Responsibilities (Controller & Processor)  
Under the EU General Data Protection Regulation (GDPR):  
Scud Networks OÜ acts as a Data Processor when providing the Service to business or  
organizational customers, processing personal data on their behalf and in accordance with  
their documented instructions.  
Customer organizations act as the Data Controller for personal data of their users,  
employees, or end customers processed through the Service.  
In limited cases (such as account registration, billing, marketing communications, and  
website usage), Scud Networks OÜ may act as an independent Data Controller.  
Processing activities are governed by applicable agreements, including data processing  
agreements (DPAs) where required.  
3. How We Use Information  
We use the information we collect to:  
Provide, operate, and maintain the Service  
Authenticate users and manage accounts  
Enable communications features (including voice, messaging, and AI-powered  
functionality)  
Improve performance, reliability, and user experience  
Provide customer support and respond to inquiries  
Process payments and manage subscriptions  
Comply with legal obligations and enforce our terms  
3. How We Share Information  
We do not sell personal data. We may share information only as follows:  
3.1 Service Providers  
With trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting,  
analytics, customer support, payment processing), subject to confidentiality and data protection  
obligations.  
3.2 Business Customers and Administrators  
If you use the Service through an organization, designated administrators may access, review,  
download, and export call data, recordings, and related metadata in accordance with the  
organization’s internal policies, applicable law, and configuration settings.  
3.3 Legal Requirements  
When required to comply with applicable laws, regulations, legal processes, or lawful  
government requests.  
3.4 Business Transfers  
In connection with a merger, acquisition, financing, or sale of assets, provided that any successor  
continues to protect your information in accordance with this Privacy Policy.  
4. Data Retention  
We retain personal data only for as long as necessary to provide the Service, fulfill the purposes  
described in this Privacy Policy, comply with legal obligations, and resolve disputes. Retention  
periods may vary depending on data type and contractual requirements.  
5. Data Security  
We implement appropriate technical and organizational safeguards designed to protect personal  
data against unauthorized access, disclosure, alteration, or destruction. However, no system is  
completely secure, and we cannot guarantee absolute security.  
6. International Data Transfers  
As a company registered in Estonia (European Union), Scud Networks primarily processes  
data within the EU. Where data is transferred outside the EU/EEA, we rely on lawful transfer  
mechanisms such as Standard Contractual Clauses (SCCs) or other safeguards approved  
under GDPR to ensure adequate protection.  
7. Your Privacy Rights (GDPR)  
If you are located in the European Economic Area, you have the right to:  
Access your personal data (Article 15 GDPR)  
Rectify inaccurate or incomplete data (Article 16)  
Request erasure (“right to be forgotten”) where applicable (Article 17)  
Restrict processing (Article 18)  
Object to processing (Article 21)  
Receive your data in a portable format (Article 20)  
You also have the right to lodge a complaint with your local data protection authority, including  
the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).  
Depending on your location, you may have rights to:  
Access personal data we hold about you  
Request correction or deletion of personal data  
Object to or restrict certain processing  
Request data portability  
Withdraw consent where processing is based on consent  
Requests may be submitted using the contact details below.  
8. Children’s Privacy  
The Service is not directed to children under the age of 13 (or under 16 where required by law).  
We do not knowingly collect personal data from children.  
9. AI Features and User Consent  
The Service may include AI-powered features such as voice transcription, translation,  
sentiment detection, call analytics, and automated summaries.  
AI features may process voice recordings, call content, and related metadata.  
AI processing is performed solely to deliver the requested Service functionality and  
improve communications workflows.  
AI outputs are not used for advertising or for training third-party AI models.  
Use of AI features may be configurable or optional depending on organizational  
settings.  
By using the Service, or by an administrator enabling AI features, users acknowledge that their  
communications may be processed by automated systems in accordance with this Privacy Policy  
and applicable law. Where required by law, customer organizations are responsible for obtaining  
any necessary end-user consent for call recording or AI processing.  
10. Google Play Compliance  
This Privacy Policy is intended to comply with Google Play Developer Program requirements,  
including transparency regarding data collection, use, and sharing. The Service does not collect  
or share personal data for advertising purposes unless explicitly disclosed and consented to.  
11. Changes to This Privacy Policy  
We may update this Privacy Policy from time to time. We will notify users of material changes  
by updating the effective date and, where appropriate, providing additional notice within the  
Service.  
12. Contact Us  
If you have questions or concerns about this Privacy Policy or our data practices, please contact:  
Scud Networks OÜ  
Email: privacy@scudnetworks.com  
Registered Office: Tornimäe tn 5, Kesklinna linnaosa, Tallinn, Harju maakond, 10145, Estonia  
This Privacy Policy is provided for general informational purposes and does not constitute legal  
advice.