Privacy Policy
This policy covers all ScribbleSoft hosted products: the Amalgamind platform, client portals, public portal pages, and Tailboard. In short: we collect what we need to run the Service, we do not sell your data, and we do not train AI models on your content.
1. What we collect
Account data: name, email, role, company, authentication records.
Customer Content: documents, reports, observations, knowledge entries, board tasks, chat messages, form submissions — whatever you and your team put into your portal.
Voice data: when you talk to an AI agent (portal voice cards, public greeter, Tailboard voice input), the call is recorded and transcribed. We provide a disclosure at the start of each voice interaction that it is recorded and transcribed to build your report. The transcript and an AI-generated summary are stored in your portal.
Usage data: feature usage counts (reports run, calls made, messages sent), timestamps, device and browser type, IP address. We meter usage to operate plan allowances and abuse protection (see Terms Sections 5–6).
Payment data: handled by Stripe. We never store full card numbers.
Public page visitors: if you interact with a public portal page (greeter chat, public voice, forms), we collect what you submit, plus basic technical data. The portal owner also receives what you submit — their privacy practices are their own.
2. How we use it
To provide the Service: generate your reports and documents, run your portal, deliver AI features. To operate the business: billing, support, abuse protection, security. To improve the Service: aggregate, de-identified usage statistics.
WE DO NOT SELL PERSONAL INFORMATION. WE DO NOT USE CUSTOMER CONTENT TO TRAIN AI MODELS.
3. Who processes it (subprocessors)
We use vetted service providers under contract:
- Supabase — database, authentication, file storage (US region)
- Anthropic — AI text processing (generation, summarization)
- Millis AI — voice agent infrastructure (speech-to-text, text-to-speech, call handling)
- Stripe — payment processing
- Netlify — web hosting and delivery
- Resend — transactional email
We will update this list here when it changes; material additions get at least 15 days notice.
4. Retention
Customer Content: for the life of the account, plus the post-termination export window (30 days, see the Terms), then deletion from production systems. Backups age out within 35 days after that.
Voice recordings: the transcript and summary are kept as Customer Content; raw audio is deleted within 30 days of the call.
Usage and billing records: kept as required for tax and accounting.
5. Your rights
You can access, correct, export, or delete your data. Portal owners control their team's portal data; individual users should route requests through their portal owner where the data belongs to the company. Contact: privacy@volty.ai.
California residents have the rights to know, delete, correct, and opt out of sale or sharing — and we do not sell or share personal information for cross-context behavioral advertising. The Service is offered to U.S. businesses; we are not currently directed at the EU or UK.
6. Security
Encryption in transit and at rest; tenant isolation enforced at the database row level; role-based access; least-privilege service keys; audit logging on administrative actions. No method is 100% secure; we will notify affected customers of a breach as required by law.
7. Cookies and local storage
We use strictly necessary cookies and local storage for login sessions and preferences. We do not use third-party advertising trackers, and our marketing sites (scribble-soft.com and volty.ai) are tracker-free.
8. Children
The Service is a workplace tool, not directed to children, and not for use by anyone under 16.
9. Changes; contact
We version this policy and give notice of material changes. Contact: privacy@volty.ai · ScribbleSoft, LLC, 1516 28th Avenue South, St. Petersburg, FL 33705 (correspondence address; the company is an Arizona limited liability company, registered at 5136 E. Evergreen Street, Unit 1027, Mesa, AZ 85205).