Privacy Policy

This policy explains what we collect, how we use it, who we disclose it to, and your choices.

Last updated: September 2, 2025

It applies to our websites, products, and services offered by Scotty AI, Inc. using the Calltree brand ("we", "us", "our").

1) Scope & our role

  • For most Service Data we handle on behalf of our business customers, they are the controller and we act solely as their processor/agent under our contract and their instructions.
  • For limited information we collect directly from business contacts through our sites or service administration, we are the controller.

2) What we collect

  • Business contact and account information — name, work email, phone, organization, role, preferences, and information you choose to share when you contact us.
  • Service Data — customer‑provided information and operational metadata needed to operate the service. We do not collect HR/employee data in the employment context under this policy.

3) How we use information

  • Deliver, secure, and maintain our AI customer‑service agent solutions.
  • Provide support and respond to requests.
  • Monitor performance, troubleshoot, and improve features.
  • Comply with law, enforce terms, and protect rights, safety, and users.

When we act as a processor, we handle Service Data only as permitted by our contract.

4) Disclosures to third parties

  • Service providers (processors) that operate and support our services (e.g., hosting, security, support).
  • Public authorities or other parties where required by law, including to meet national security or law‑enforcement requirements.
  • A successor in a merger, acquisition, or similar transaction.

We remain responsible for onward transfers to our agents under the DPF (see below).

5) International transfers and data location

We operate in the United States and the United Kingdom.

  • For UK customers, we store personal data in the UK by default.
  • If UK personal data is accessed from or transferred to the United States (for example, for support), we will rely on the UK‑US Data Bridge once our U.S. entity appears as Active with the UK Extension on the DPF List; otherwise, we will apply appropriate safeguards (such as the UK IDTA or EU SCCs with the UK Addendum) or restrict access to the UK only.

6) Data Privacy Framework — EU‑U.S. and UK Extension — Non‑HR data — pre‑listing language

Scotty AI, Inc. commits to comply with the EU‑U.S. Data Privacy Framework (DPF) Principles and the UK Extension to the EU‑U.S. DPF for Non‑HR personal data received from the EEA and the UK, and is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). If there is any conflict between this notice and the DPF Principles, the Principles govern. When we process Service Data as a processor/agent for a business customer, that customer is responsible for providing notice and choice; we process only on their instructions and assist them in honoring individual rights under the DPF Principles.

Complaints and independent recourse (free). We will respond within 45 days to complaints at privacy@calltree.ai. If unresolved, you may file a complaint — at no cost to you — with our Independent Recourse Mechanism (IRM):

Binding arbitration. As a last resort, you may invoke binding arbitration under Annex I of the DPF.

Onward transfers. We require third‑party agents to provide at least the same level of protection as the DPF Principles, and we remain responsible as described above.

Program information. Learn more at the Data Privacy Framework website: https://www.dataprivacyframework.gov/s/.

Note on the UK‑US Data Bridge. We will rely on the UK‑US Data Bridge for UK→US transfers once our organization appears as "Active" with the "UK Extension" on the DPF List. We will update this notice with a direct link to our listing when live.

7) Your rights and choices

If we are the controller of your information (for example, business contact or account information), you may access, correct, delete, port, object to, or restrict certain processing by emailing privacy@calltree.ai.

Choice for controller data. You may opt out of our disclosure of your personal data to any third party other than our agents/service providers, or our use of your personal data for a materially different purpose than it was collected for, by emailing privacy@calltree.ai. If we ever collect sensitive personal data, we will obtain opt‑in consent.

Service Data handled as a processor. For Service Data that we process on a customer's behalf, please contact that customer to exercise your privacy rights. We will assist them in responding to your request.

8) Security and retention

We apply administrative, technical, and physical safeguards appropriate to the nature of the data and retain personal data only as long as needed for the purposes above, to comply with law, or as set out in our contracts; then we delete or anonymise it.

9) Children

Our services are not directed to children under 16 and we do not knowingly collect their personal information.

10) Changes

We may update this notice. We will post the new date at the top and, if changes are material, provide additional notice.

11) Contact

Scotty AI, Inc. — Calltree brand
Attn: Privacy
Email: privacy@calltree.ai
\ 221 Kearny Street, Fifth Floor, San Francisco, CA 94108