Privacy Policy

Last updated: 2026-06-22

1. Who this covers

This Policy explains how Scouti ("we", "us") collects and uses personal data in two distinct contexts:

2. What we collect from dashboard accounts

3. What the widget collects from end-users

When someone interacts with a Scouti widget, we process:

4. Voice recordings — never stored

When a visitor uses the voice input, the audio is sent to our speech-to-text provider — Groq or OpenAI — over an encrypted connection, transcribed to text, and the raw audio is then discarded. We do not retain the audio recording itself, and it is not written to any persistent storage on our side. Only the transcribed text is kept, alongside the rest of the conversation.

5. We do not train AI on your data

We do not use Customer Content or End-User Data to train any AI model. The third-party AI providers we rely on — Fireworks, Alibaba Cloud, Google Gemini, Groq, and OpenAI — are used under their API terms, which by default exclude API submissions from being used to train their models. Customer Content and End-User Data is sent to these providers only as needed to produce a response, and is processed under their commercial agreements rather than their consumer terms.

6. Other processors we use

Scouti uses the following third parties to deliver the Service. Each is bound to handle data only on our instructions and to apply appropriate safeguards:

7. Cookies and local storage

We use a small number of cookies and a local-storage entry to keep you signed in and to remember the active organization. On its own domain, the widget stores a few local-storage entries to keep the chat working across page loads — its session and panel state, one or more session identifiers, and any user identifier the embedding site passes in. See the Cookie Policy for the full list and instructions for managing them.

8. How long we keep data

Dashboard account data is retained while your account is active. If you delete your account, we will delete or anonymize the associated personal data within 30 days, except where we are required to keep records longer (for example, tax records related to your billing).

End-User Data is retained according to your customer's instructions. If a customer terminates their account or asks us to delete a project's conversations, we will do so within 30 days from our active systems.

9. Who can read the conversations — only your team

End-User Data collected through the widget is only accessible to:

We do not sell or rent personal data, and we do not share it with advertisers.

10. Security

We protect data in transit with TLS 1.2 or higher. Data stored in our managed database and object-storage backends is encrypted at rest with AES-256 by our hosting provider (Supabase / AWS). Access to production systems is restricted to a small number of authorized Scouti engineers, authenticated with multi-factor authentication and logged. Customer Content is isolated per project using row-level security policies enforced at the database layer.

If we become aware of a personal-data breach that affects you, we will notify you without undue delay and, where required by Article 33 GDPR, no later than 72 hours after we have become aware of it. The notice will describe what happened, what data was involved, and the steps we are taking in response.

11. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, to restrict or object to certain processing, or to withdraw consent. To exercise any of these rights, contact us at hello@scouti.chat from the email address on your account.

If you are an end-user of a customer's widget, please direct your request first to that customer (the team that runs the site you were chatting with). They are the data controller for that conversation; we will assist them in honoring your request.

If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data-protection authority.

If you are a California resident, see Your Privacy Choices for a summary of your rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act) and how to exercise them, including our position on "sale" and "sharing" of personal information.

12. Where your data is stored

Stored data. Your account data, conversations, files, and backups are stored only in the United States, in the AWS us-west-2 (Oregon) region. This is the single location where we persistently hold Customer Content and End-User Data.

AI processing. To generate replies and transcribe voice, we send the content needed for a given request to the AI providers listed in Section 6. They process it only transiently to return a response, are contractually prohibited from retaining it beyond what is necessary, and do not use it to train their models. Depending on the provider and model, this brief processing and the inference itself may take place in the United States or in another region outside mainland China.

In no case do we store or process Customer Content or End-User Data in mainland China.

Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on the EU Standard Contractual Clauses (SCCs) — supplemented, where the recipient has self-certified, by the EU–U.S. Data Privacy Framework and its UK Extension and Swiss-U.S. Bridge.

13. Children

The Service is not intended for children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided data through our Service, please contact us so we can delete it.

14. Changes to this Policy

We may update this Policy as our practices evolve. The "Last updated" date at the top reflects the current version. Material changes will be announced via email or in the dashboard before they take effect.

15. Contact

For privacy questions, requests, or complaints, email hello@scouti.chat.