Scowtt Privacy Policy

Effective Date: March, 2025

Last Updated: May 20, 2025

This Privacy Policy describes how Scowtt Inc ("we," "us," or "our") collects, uses, and discloses information, including personal data, in connection with your use of our website and services. This policy is drafted based on the principles and obligations outlined in our AI Services Agreement, particularly the Data Processing Addendum.

1. Definitions

Key terms used in this Privacy Policy will have meanings consistent with our AI Services Agreement and applicable data protection laws.

  • Personal Data: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual.  

  • Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means.

  • Customer Data: Any data that you provide or enable us to access in connection with our services, including data from your CRM, marketing data, and data from your websites or mobile apps. This may include Customer Personal Data.  

  • Authorized Users: Your employees or other designees who are authorized to create an account and use our services.  

  • Google Workspace Data: Any data retrieved from Google Workspace APIs including data from Google Calendar API.

2. Information We Collect

We may collect the following types of information:

  • Account Information: When you or your Authorized Users register for an account, we collect information such as name, contact details, and other information provided during registration.  

  • Customer Data: In providing our services, we will have access to and process Customer Data, which may include Personal Data of your prospective and current end-user customers. This can include data from your CRM database, catalog, marketing, appointment data, and other data collected from your websites and mobile apps.  

  • Usage Information: Information about how you and your Authorized Users interact with our services.

  • Information from Ad Accounts and Site Analytics: To provide and optimize our services, and to calculate fees, we may require read and write access to your CRM, and read access to your Google Ad Account, Meta Ad Account, other online ad platform systems, and site analytics.  

3. How We Use Your Information

We process Personal Data in accordance with your documented instructions and for the following Business Purposes:  

  • Providing, maintaining, and improving our services.  

  • Ensuring the security and integrity of Personal Data.  

  • Debugging to identify and repair errors.  

  • Short-term, transient use, including for non-personalized advertising.  

  • Maintaining or servicing accounts and the quality of our services.  

  • Providing customer service.  

  • Processing or fulfilling orders and transactions.  

  • Verifying customer information.  

  • Providing analytic and storage services.  

  • Engaging in internal uses to improve the quality of our services in an aggregate manner.  

  • Providing advertising and marketing services, except for cross-context behavioral advertising.  

  • Auditing related to counting ad impressions or verifying positioning and quality of ad impressions.  

  • Calculating fees and invoicing.  

We will not:  

  • Sell or Share Personal Data.

  • Process Personal Data for any purpose other than the specified Business Purposes or outside of our direct business relationship, except as permitted by Data Protection Laws.

  • Use Google Workspace Data to develop, improve, or train generalized/non-personalized AI and/or ML models.

3.1. Use of Google Workspace Data

With respect to Google Workspace Data and its use in connection with AI/ML models:

  • How We Use Google Workspace Data: We use Google Calendar data to access your event information and determine your availability. This access is for the purpose of enabling scheduling-related functionalities.

  • Data Sharing With Other Processors (OpenAI, Vertex AI, or other approved 3P vendors): We may share your availability (derived from Google Calendar) with our Processors to present scheduling-related functionalities to your end users. Google Workspace Data shared with Other processors will not be used for training generalized/non-personalized AI and/or ML models.

4. Data Sharing and Disclosure

We may disclose Customer Data, including Personal Data:

  • To Service Providers/Subprocessors: We may engage subprocessors to assist in providing our services. We will ensure these subprocessors are subject to a duty of confidentiality and have written contracts requiring them to satisfy substantially the same data protection requirements as outlined in our agreements. A list of our current approved subprocessors:

    • Amazon Web Services, 

    • Google Cloud Platform, 

    • Twilio, 

    • OpenAI  

  • For Legal Reasons: Where required by applicable law or court order. We will use reasonable efforts to provide you with advance notice if legally permissible.  

  • Aggregated Data: We may disclose aggregated Customer Data to third parties in a manner that does not reveal your identity.  

5. Data Security

We have established and will maintain commercially reasonable administrative, physical, and technical safeguards designed to protect Customer Data, including Personal Data. This includes using market-leading cloud hosting vendors (e.g., Microsoft Azure, Amazon Web Services or similar) for hosting services.  

In the event of a Security Breach (accidental, unauthorized, or unlawful destruction, loss, alteration, misuse, modification, or disclosure of Customer Personal Data), we will:  

  • Take reasonably necessary action to stop the active breach or similar recurring breaches.  

  • Promptly notify you in writing of the Security Breach and any related third-party legal process.  

  • Provide reasonable assistance to investigate, evaluate, remediate, and provide notice of the Security Breach.  

  • Provide reasonable assurance that such a Security Breach will not recur.  

6. Data Retention

Personal Data will be retained for the period necessary to fulfill our obligations under our agreement with you, unless retention is required by law. Upon termination of our agreement, we will delete all Customer Personal Data unless legally required to retain it. We will permit access for thirty (30) days after termination to remove Customer Data.  

7. Your Responsibilities and Rights

As our customer, you represent and warrant that you will satisfy all requirements applicable to you under Data Protection Laws. This includes obligations to provide and abide by notices, obtain consents, offer opt-outs and choices, and honor rights requests from individuals. You also represent and warrant that you will not cause us to:  

  • Process Customer Personal Data in violation of any Data Protection Law.  

  • Process any Personal Data that would be considered protected, sensitive, special, or similar under Data Protection Law or other applicable local law, unless you have obtained legally enforceable consents.  

  • Process Personal Data that pertains to a known minor.  

If we receive rights requests from individuals (Consumers) directly pertaining to Customer Personal Data processed on your behalf, we will direct the Consumer to contact you. We will provide commercially reasonable assistance to you as necessary to fulfill such requests, considering the nature of our processing.  

8. International Data Transfers

Our services are not offered outside of the United States. You agree to use commercially reasonable efforts not to cause us to process Personal Data pertaining to individuals located outside of the United States unless we agree to additional terms in writing. Customer Data may be stored in the United States and other countries.  

9. Authorized Users

You are responsible for all Authorized Users' compliance with our agreements and this Privacy Policy. Each account may only be used by one person, and sharing accounts is not permitted. You will ensure that Authorized Users:  

  • Provide accurate, truthful, current, and complete information when creating an account.  

  • Maintain and promptly update account information.  

  • Maintain the security of their account by not sharing passwords and restricting access.  

  • Promptly notify us of any suspected security breaches related to their account.  

  • Take responsibility for all activities that occur under their account.  

10. Confidentiality

We will protect your Confidential Information against unauthorized use or disclosure to the same extent we protect our own Confidential Information of a similar nature, using no less than a reasonable standard of care. Confidential Information will be used solely for the purposes for which it is provided.  

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website or as otherwise required by law.  

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@scowtt.com