Legal

Privacy Policy

How we collect, use, and protect your information

Our Commitment to Privacy

At SCALABLY, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

Information We Collect

We collect information that you provide directly to us when you:

  • Fill out forms on our website, including information such as name, email address, and company name
  • Correspond with us via email or any other communication channel
  • Subscribe to our newsletter or marketing communications
  • Request a consultation about our AI agent solutions
  • Provide feedback or respond to surveys

Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device, including:

  • IP address, browser type, operating system
  • Pages you view, time spent on pages, links clicked
  • Referral source that directed you to our site
  • Information collected through cookies and similar technologies

How We Use Your Information

We use the information we collect for various business purposes, including to:

  • Provide, maintain, and improve our services
  • Process and complete transactions
  • Send you technical notices, updates, security alerts, and administrative messages
  • Respond to your comments, questions, and requests
  • Communicate with you about products, services, offers, and events
  • Monitor and analyze trends, usage, and activities in connection with our services
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve your experience on our website

Information Sharing and Disclosure

We may share your personal information in the following situations:

  • With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us.
  • Business Transfers: If we're involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
  • With Your Consent: We may share your information with your consent or at your direction.

Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

  • The right to access the personal information we have about you
  • The right to request correction of inaccurate personal information
  • The right to request deletion of your personal information
  • The right to object to processing of your personal information
  • The right to data portability
  • The right to withdraw consent at any time

To exercise any of these rights, please contact us at [email protected].

Meeting Recording and Transcription Data

When you connect your Zoom, Google Meet, or Microsoft Teams account to SCALABLY and use our meeting assistant features, we collect and process the following data:

Audio Data: We capture meeting audio in real-time for the purpose of generating live transcriptions. Audio is processed by our speech-to-text service and is not retained after transcription is complete unless recording is explicitly enabled.

Transcription Data: We generate text transcriptions of meeting conversations, including speaker identification and timestamps. Transcriptions are used to create meeting summaries, action items, and follow-up documents.

Meeting Metadata: We collect meeting identifiers, participant names (as provided by the meeting platform), meeting duration, and platform information (Zoom, Google Meet, or Teams).

Meeting Summaries and Documents: We generate AI-powered meeting summaries, action items, decisions, and formatted documents (DOCX) based on the transcription data.

We do not collect or process meeting video content. We do not access participants' cameras, screen shares, or any visual content from meetings.

How We Use Meeting Data

Meeting data is used exclusively to:

  • Provide real-time transcription during your meetings
  • Generate post-meeting summaries and documents
  • Respond to direct questions about meeting content during active sessions
  • Create and deliver meeting notes to authorized users

We do not use your meeting data to train AI models. We do not sell, rent, or share your meeting data with third parties for their own purposes.

Data Retention and Deletion

Transcription and meeting data is retained for a maximum of 30 days from the date of the meeting, after which it is automatically deleted from our systems. You may request earlier deletion at any time by contacting us.

OAuth tokens (Zoom, Google, Microsoft) are stored securely and encrypted at rest. Tokens are retained only as long as your account is connected and are deleted immediately upon disconnection or deauthorization.

Audio recordings (when enabled) are retained for 7 days and then automatically deleted. You may download recordings during this period.

Zoom App Deauthorization

When you disconnect or deauthorize the SCALABLY Zoom app:

  1. We immediately revoke and delete your stored Zoom OAuth tokens (access token and refresh token)
  2. We delete all meeting transcription data associated with your Zoom account within 24 hours
  3. We delete any stored meeting recordings within 24 hours
  4. We process Zoom's deauthorization webhook notification and confirm data removal

You can deauthorize at any time through your Zoom account settings (Settings → Apps → Manage) or by contacting us at [email protected].

Third-Party Service Providers

We use the following categories of third-party service providers to deliver our meeting assistant services:

Provider Category Purpose Data Accessed
Cloud Infrastructure (AWS/Hetzner) Hosting and compute All service data
Speech-to-Text Processing Audio transcription Meeting audio (processed in real-time, not stored by provider)
Text-to-Speech Synthesis Voice responses in meetings Text content only
Meeting Platform APIs (Zoom, Google, Microsoft) Meeting access and control OAuth tokens, meeting identifiers

All third-party providers are contractually bound to process data only on our behalf and in accordance with this Privacy Policy.

Your Rights Under GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate personal data.
  • Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data. For meeting data, this is handled automatically per our retention policy or upon deauthorization.
  • Right to Restrict Processing: You may request that we limit how we use your data.
  • Right to Data Portability: You may request your data in a structured, machine-readable format.
  • Right to Object: You may object to processing of your personal data for certain purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Legal Basis for Processing: We process meeting data based on your explicit consent (connecting your meeting platform account) and our legitimate interest in providing the services you requested.

Data Transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required.

Your Rights Under CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information. We never have and never will.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at [email protected] or submit a request through our website.

Data Security for Meeting Data

Meeting data is protected with the following security measures:

  • Encryption in Transit: All data transmitted between your meeting platform, our servers, and your devices is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Stored meeting data, OAuth tokens, and transcriptions are encrypted at rest using AES-256 encryption.
  • Access Controls: Meeting data is accessible only to the authorized user who initiated the recording. Administrative access is limited to authorized personnel on a need-to-know basis.
  • Token Security: Zoom OAuth tokens are stored encrypted and are never exposed in logs, URLs, or client-side code. Tokens are automatically refreshed and old tokens are securely destroyed.

AI Processing Disclosure

SCALABLY uses artificial intelligence to:

  • Transcribe meeting audio to text (speech-to-text)
  • Generate meeting summaries, action items, and key decisions
  • Detect when meeting participants address the AI assistant directly
  • Synthesize voice responses when explicitly requested (text-to-speech)

AI processing occurs in real-time during meetings and post-meeting for document generation. We do not use your meeting data to train, fine-tune, or improve our AI models or any third-party AI models. Your meeting content is processed solely to deliver the services you requested.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our website and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

[email protected]

Effective Date: March 31, 2026