SCUD Networks

Privacy Policy

Effective Date: December 1, 2025

Scud Networks ("Scud Networks", "we", "our", or "us") respects your privacy and is committed to protecting it through this Privacy Policy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our software-as-a-service communications platform, including our mobile application available on the Google Play Store and any related websites, applications, and services (collectively, the "Service").

By accessing or using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

Scud Networks is established in the European Union (Estonia) and processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian data protection laws.

1.1 Information You Provide Directly

We may collect information that you voluntarily provide, including:

  • Name, company name, job title
  • Email address and phone number
  • Account credentials
  • Billing and subscription information
  • Support requests and communications
  • Any content you transmit through the Service where applicable (e.g., voice metadata, call logs, or messages, depending on configuration)

1.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information (device model, operating system, unique device identifiers)
  • App version and usage data
  • IP address and approximate location (country or region)
  • Log data, diagnostics, and crash reports

1.3 Audio and Communication Data

If enabled by your organization, the Service may process and store:

  • Voice communications and call recordings
  • Call metadata (time, duration, participants, device identifiers)
  • Transcriptions, translations, sentiment analysis, or AI-generated summaries

Recordings and related data may be stored to provide Service functionality, quality assurance, compliance, training, or customer-requested features. Audio and communication data is processed solely to provide the Service and is not used for advertising.

2. Roles and Responsibilities (Controller & Processor)

Under the EU General Data Protection Regulation (GDPR):

  • Scud Networks OÜ acts as a Data Processor when providing the Service to business or organizational customers, processing personal data on their behalf and in accordance with their documented instructions.
  • Customer organizations act as the Data Controller for personal data of their users, employees, or end customers processed through the Service.
  • In limited cases (such as account registration, billing, marketing communications, and website usage), Scud Networks OÜ may act as an independent Data Controller.

Processing activities are governed by applicable agreements, including data processing agreements (DPAs) where required.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate users and manage accounts
  • Enable communications features (including voice, messaging, and AI-powered functionality)
  • Improve performance, reliability, and user experience
  • Provide customer support and respond to inquiries
  • Process payments and manage subscriptions
  • Comply with legal obligations and enforce our terms

4. How We Share Information

We do not sell personal data. We may share information only as follows:

4.1 Service Providers

With trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting, analytics, customer support, payment processing), subject to confidentiality and data protection obligations.

4.2 Business Customers and Administrators

If you use the Service through an organization, designated administrators may access, review, download, and export call data, recordings, and related metadata in accordance with the organization's internal policies, applicable law, and configuration settings.

4.3 Legal Requirements

When required to comply with applicable laws, regulations, legal processes, or lawful government requests.

4.4 Business Transfers

In connection with a merger, acquisition, financing, or sale of assets, provided that any successor continues to protect your information in accordance with this Privacy Policy.

5. Data Retention

We retain personal data only for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, and resolve disputes. Retention periods may vary depending on data type and contractual requirements.

6. Data Security

We implement appropriate technical and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. However, no system is completely secure, and we cannot guarantee absolute security.

7. International Data Transfers

As a company registered in Estonia (European Union), Scud Networks primarily processes data within the EU. Where data is transferred outside the EU/EEA, we rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs) or other safeguards approved under GDPR to ensure adequate protection.

8. Your Privacy Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access your personal data (Article 15 GDPR)
  • Rectify inaccurate or incomplete data (Article 16)
  • Request erasure ("right to be forgotten") where applicable (Article 17)
  • Restrict processing (Article 18)
  • Object to processing (Article 21)
  • Receive your data in a portable format (Article 20)

You also have the right to lodge a complaint with your local data protection authority, including the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

Depending on your location, you may have rights to:

  • Access personal data we hold about you
  • Request correction or deletion of personal data
  • Object to or restrict certain processing
  • Request data portability
  • Withdraw consent where processing is based on consent

Requests may be submitted using the contact details below.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or under 16 where required by law). We do not knowingly collect personal data from children.

10. AI Features and User Consent

The Service may include AI-powered features such as voice transcription, translation, sentiment detection, call analytics, and automated summaries.

  • AI features may process voice recordings, call content, and related metadata.
  • AI processing is performed solely to deliver the requested Service functionality and improve communications workflows.
  • AI outputs are not used for advertising or for training third-party AI models.
  • Use of AI features may be configurable or optional depending on organizational settings.

By using the Service, or by an administrator enabling AI features, users acknowledge that their communications may be processed by automated systems in accordance with this Privacy Policy and applicable law. Where required by law, customer organizations are responsible for obtaining any necessary end-user consent for call recording or AI processing.

11. Google Play Compliance

This Privacy Policy is intended to comply with Google Play Developer Program requirements, including transparency regarding data collection, use, and sharing. The Service does not collect or share personal data for advertising purposes unless explicitly disclosed and consented to.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the effective date and, where appropriate, providing additional notice within the Service.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Scud Networks OÜ
Email: [email protected]
Registered Office: Tornimäe tn 5, Kesklinna linnaosa, Tallinn, Harju maakond, 10145, Estonia

This Privacy Policy is provided for general informational purposes and does not constitute legal advice.