Skip links

📣

BIG CONVERSATION COMING NOV 25: Your visitors deserve better. See the future next week.

📣 BIG CONVERSATION COMING NOV 25:
Your visitors deserve better. See the future next week.

We're hiring!

🚀

Want to be part of the wave?

Join Scotty
🚀 Want to be part of the wave?
Talk to Sally
Book a demo
Talk to Sally
Book a demo
Scotty AI
Privacy Policy – Scotty AI

Privacy Policy

Last Updated: August 13, 2025

At Scotty AI, our customers, partners, and users are our true north. Trust is the foundation of our relationship with you, and that starts with respecting and protecting your privacy. This policy is our promise to be transparent about the data we collect, how we use it, and the rights you have to control your information.

We are committed to handling your personal data with the highest standard of care, in compliance with international privacy principles and regulations, including the GDPR.


Purpose and scope

The purpose of this Privacy Policy is to provide a clear understanding of how Scotty AI B.V. (“Scotty AI”, “we”, “us”, or “our”) collects, uses, shares, and protects information.

This policy applies to:

  • Platform users: Individuals and organizations who use the Scotty AI platform and its related services.
  • Website & demo visitors: Individuals who visit our websites, interact with our demos, or participate in our sales and marketing activities.
  • Messaging recipients: Individuals who receive communications from us or on behalf of our customers via channels such as SMS/MMS, for example, as part of 10DLC campaigns in the United States.

This policy does not govern the privacy practices of our customers and partners, who maintain their own privacy policies for the services they provide.


Information we collect and process

We collect and process different types of information depending on your interaction with us. We believe it’s important to distinguish between the data you give us to manage your account, and the data we process on your behalf when you use our platform.

1. Information you provide directly to us (as a data controller)

This is information we collect from you to manage our direct business relationship.

  • Account information: When you sign up for Scotty AI, we collect information like your name, email address, company name, and password.
  • Payment information: When you purchase a subscription, we collect billing details and payment information, which is securely handled by our third-party payment processors.
  • Communications: If you contact us for support or other inquiries, we collect your contact information and the content of your communications.

2. Information we process on behalf of our customers (as a data processor)

When you use the Scotty AI platform, you are the “data controller” for the information you manage, and we act as your “data processor.” We only process this data based on your instructions and for the purpose of providing our services. This “Customer Data” includes:

  • Configuration data: Your use-case configurations, agent settings, integration credentials, channel setups, and any other settings you create within your Scotty AI tenant.
  • Content data: The data that flows through our platform as part of your use case. This can include conversations, voice recordings, audio samples, messages, and data from your integrated third-party systems. This data may contain personal information about your own customers and end-users.
  • Messaging and Channel data: For services like SMS, RCS, or WhatsApp, we process recipient phone numbers, message content, and delivery metadata (e.g., delivery receipts, status), where supported by the channel.

3. Information we collect automatically

When you interact with our websites, demos, or platform, we collect certain information automatically to operate and improve our services.

  • Usage and operational data: We collect metadata about how you use the platform, such as feature usage, API calls, integration performance, and other “sensorized” data that helps us monitor and improve the service.
  • Device and connection information: We may collect your IP address, browser type, operating system, and other technical information when you access our services.

How we use your information

Our use of information is tied directly to the categories described above.

  • To provide and maintain our services: We use the Information We Process on Behalf of Our Customers strictly to operate, secure, and deliver the Scotty AI platform as instructed by you. We will never use your Customer Data for our own marketing or advertising purposes.
  • To manage your account and our relationship: We use Information You Provide Directly to Us to create your account, process payments, send important service-related communications, and respond to your support requests.
  • To improve and secure our platform: We use Information We Collect Automatically, such as usage and operational data, for analytics, to monitor the performance and security of our services, and to develop new features.
  • To Develop Our platform: We may use anonymized and aggregated data derived from Usage and Operational Data. This data does not contain any personal information and is used solely for statistical analysis, performance monitoring, and product improvement.
  • To market our services: We may use your Account Information to send you information about new products or features, which you can opt-out of at any time.
  • To comply with legal obligations: We may use any of your information as necessary to comply with applicable laws, legal processes, or regulations.

How and why we share information

We do not sell your personal data. We only share information in the following limited circumstances:

  • With service providers (sub-processors): We work with trusted third-party companies to help us operate, secure, and improve our services. These sub-processors, such as our cloud hosting provider (e.g., Google Cloud Platform) and payment processor, are only given access to the information necessary to perform their services for us and are bound by strict confidentiality and security obligations.
  • As directed by you: We will share and transfer your Customer Data as you direct us to through your use of the platform, for example, by enabling an integration with a third-party service. You are responsible for managing your own integrations and the data shared through them.
  • For legal compliance and safety: We may disclose information if we believe it’s necessary to comply with a law, regulation, or legal request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect our rights or property.
  • In a business transfer: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event.

Cookies and tracking technologies

We use cookies and similar tracking technologies on our website and in our demos to help us operate, analyze, and improve our services. These technologies are used to:

  • Run essential functions of the site.
  • Understand how visitors interact with our content and demos.
  • Measure the effectiveness of our marketing and advertising campaigns.

We provide you with control over non-essential cookies through a consent management tool (cookie banner) on our websites.


Data security, retention, and international transfers

Data security: We have implemented a comprehensive Information Security Management System (ISMS) based on the ISO 27001:2022 framework to protect your data. This includes technical, administrative, and physical safeguards such as encryption, access controls, and secure development practices to ensure the confidentiality, integrity, and availability of your information.

Data retention: We retain your personal data only for as long as necessary to provide our services to you, comply with our legal obligations, or resolve disputes. For more details on our retention periods, please see our Data Retention Policy.

International Data transfers: Our services are hosted primarily in the Netherlands. Your information may be stored and processed in any country where we or our sub-processors have facilities. When we transfer personal data from the European Economic Area (EEA) to other countries, we use appropriate legal mechanisms, such as Standard Contractual Clauses, to ensure your data receives an adequate level of protection.


Your rights and choices

We believe in giving you control over your information. Depending on your location and how you interact with us, you have the following rights:

  • Right to access, correct, or delete: You have the right to request access to, correction of, or deletion of your personal information.
  • Right to object to processing: You have the right to object to our processing of your personal information and to have it restricted.
  • Right to data portability: You have the right to request a copy of your information in a machine-readable format.
  • Right to withdraw consent: Where we rely on your consent to process information, you have the right to withdraw that consent at any time.

Your choices for messaging communications (SMS/MMS)

You have full control over the messages you receive. In accordance with US 10DLC and other telecommunication regulations:

  • Opt-out: You can revoke your consent and opt-out of receiving SMS/MMS messages at any time by replying STOP to any message you receive.
  • Get help: For information about the messaging program, you can reply HELP to any message.

Please note: If you are an end-user of one of our customers, you should direct any rights requests to that customer (the “data controller”). We will assist our customers in responding to your requests.


Children’s privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.


How to exercise your rights

To exercise any of the rights described above, please contact us using the information below. We will respond to your request in accordance with applicable data protection laws.


Changes to this privacy policy

As our platform and the regulatory landscape evolve, we may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on our platform prior to the change becoming effective. We encourage you to review this policy periodically.


Contact us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:


Scotty AI B.V.
Lange Viestraat 2 B
3511 BK Utrecht
The Netherlands
privacy@scotty-ai.com

This website uses cookies to improve your web experience.
Explore
Drag