Privacy Policy
Last updated: March 15, 2026
Skode Technologies ("Skode," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://skodeai.com, use our CRM platform, Flow messaging platform, or any related services (collectively, the "Services").
By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, phone number, company name, job title, and billing information when you register for an account.
- CRM Data: Leads, contacts, deals, notes, tasks, invoices, and any other data you enter into the Skode CRM platform.
- Communications: Messages you send through our support channels, feedback forms, or live chat.
- Payment Information: Credit card numbers, billing addresses, and transaction details processed through our payment provider (Stripe).
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, clicks, session duration, and interaction patterns within our platform.
- Device Information: Browser type, operating system, device identifiers, IP address, and screen resolution.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies as described in our Cookie Policy.
- Log Data: Server logs including access times, referring URLs, and error logs for debugging and security purposes.
1.3 Information from Third Parties
- OAuth Providers: If you sign in via Google or other OAuth providers, we receive your name, email, and profile picture.
- Integration Partners: Data synced from third-party services you connect to Skode (e.g., email providers, calendar services).
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services.
- Process transactions, send invoices, and manage billing.
- Send you service-related communications, updates, and security alerts.
- Provide customer support and respond to your inquiries.
- Personalize your experience and deliver relevant content and recommendations.
- Analyze usage trends and platform performance to improve our products.
- Detect, prevent, and address fraud, abuse, and security issues.
- Comply with legal obligations and enforce our Terms of Service.
- Send marketing communications (only with your consent, and you may opt out at any time).
3. AI and Automated Data Processing
Skode uses artificial intelligence features to enhance your CRM experience, including voice input transcription, lead scoring, deal predictions, and analytical tools. Here is how we handle data in these contexts:
- Voice Input: Audio recordings submitted via the voice input feature are transcribed using third-party AI providers (OpenAI Whisper). Audio is processed in real-time and is not stored after transcription is complete.
- AI Analysis: Your CRM data may be processed by AI models to generate insights, predictions, and recommendations. This processing occurs within our secure infrastructure.
- No Model Training: We do not use your data to train AI models. Your data is used solely to provide you with AI-powered features within the Services.
- Third-Party AI Providers: When data is sent to third-party AI providers for processing (e.g., OpenAI for transcription), it is governed by our data processing agreements with those providers, which prohibit them from using your data for training.
4. How We Share Your Information
We do not sell your personal information. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
We may share your information with:
- Service Providers: Third-party vendors who assist us in operating the Services (hosting, payment processing, email delivery, analytics). See our Sub-Processors page for a complete list.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.
- With Your Consent: When you explicitly authorize us to share your information with a third party.
4A. Platform-Specific Data Disclosures
When you connect third-party platforms to Skode Flow, we access and process data from those platforms as described below. Data from each platform is processed solely to provide the Services you have requested and is subject to our security measures described in Section 8.
4A.1 Meta (Facebook Messenger & Instagram)
When you connect your Facebook Page or Instagram Professional account to Skode Flow, we access the following data through the Meta Platform API:
- Page and profile metadata: Page name, profile picture, page category, and business information associated with your Page or Instagram account.
- Messaging data: Messages sent and received through Facebook Messenger and Instagram Direct Messages, including text content, attachments, timestamps, and sender/recipient identifiers.
- User profile information: Name, profile picture, and locale of users who message your Page (as permitted by Meta).
- Engagement data: Comments, reactions, and post interactions on your Page.
Data collected from Meta platforms is encrypted at rest (AES-256) and in transit (TLS 1.2+). Messaging data is retained for the duration of your subscription. We do not sell or share Meta platform data with third parties except as necessary to provide the Services. Our use of Meta platform data complies with the Meta Platform Terms and Developer Policies. You may disconnect your Meta account and request deletion of associated data at any time via Data Deletion.
4A.2 WhatsApp Business
When you connect your WhatsApp Business account to Skode Flow via the WhatsApp Cloud API, we access:
- Business profile information: Business name, description, address, email, website, and profile picture.
- Message data: Messages sent and received (text, media, documents, location, contacts), delivery/read receipts, and timestamps.
- Phone numbers: Phone numbers of customers who message or are messaged by your business.
- Template data: Message templates you create and their approval status.
WhatsApp messages are encrypted in transit (TLS 1.2+) and at rest (AES-256). We do not access end-to-end encrypted personal WhatsApp messages — only WhatsApp Business API messages. Our use complies with the WhatsApp Business Terms and Commerce Policy. See our WhatsApp Compliance page for additional opt-in and messaging requirements.
4A.3 TikTok
When you connect TikTok for Business to Skode Flow, you authorize Skode via TikTok's OAuth 2.0 flow, which grants limited access to your TikTok Business account without exposing your TikTok password. We may access:
- Business account information: Account name, profile data, and business verification status.
- Messaging data: Direct messages sent and received via TikTok Business messaging features.
- Lead data: Information submitted through TikTok Lead Generation forms, imported into your CRM for sales follow-up and lead management.
- Conversion event data: Where TikTok Events API (Conversions API) is enabled, we may share hashed event data (hashed email, hashed phone number, event type, timestamp) with TikTok for ad optimization, measurement, and attribution purposes.
Device Data Collection Tools (DDCTs): Where TikTok Pixel is deployed on your website through Skode, your website uses device data collection tools operated by third parties including TikTok. These tools collect data about user interactions for the purpose of ad measurement, conversion tracking, and audience targeting. Users may opt out of TikTok ad tracking through TikTok's privacy settings or through our Cookie Policy consent controls.
TikTok data is processed in accordance with the TikTok Terms of Service, TikTok for Business Privacy Policy, and the TikTok Business Products (Data) Terms. We do not sell, share, or disclose TikTok data to third parties except as necessary to provide the Services to you or as required by law. TikTok data is not used to create user profiles, audience segments, or lookalike audiences beyond what is authorized by TikTok's Business Products Data Terms. Upon disconnection of TikTok integration or termination of our developer access, TikTok data is deleted from active systems immediately. Backup purge completes within 90 days. TikTok cookies (where TikTok Pixel is deployed) have a maximum duration of 13 months. See our Cookie Policy for details. You may disconnect your TikTok account and request deletion of associated data at any time via Data Deletion.
4A.4 LinkedIn
When you connect LinkedIn to Skode, you authorize access via LinkedIn's OAuth 2.0 flow. We collect LinkedIn data when you first connect your account and periodically refresh profile data to keep your CRM records current. We may access:
- Profile data (authenticated members): Name, headline, profile picture, and company information of members who have authenticated with Skode.
- Lead Gen Form response data: Information submitted through LinkedIn Lead Gen Forms, stored per-client in your CRM. Lead Gen Form data is not aggregated across unaffiliated LinkedIn advertising accounts.
- Page messaging data: LinkedIn Page messages managed through LinkedIn's authorized Page Messaging API. This does not include access to members' private LinkedIn messages.
Data Retention Limits: We comply with LinkedIn's Data Storage Requirements. Profile data for LinkedIn members who have not directly authenticated with Skode is cached for no more than 24 hours and is not permanently stored. LinkedIn member social activity data (likes, comments, shares) is retained for no more than 48 hours. Lead Gen Form response data is stored in your CRM for as long as your account is active or until you request deletion.
Data Use Restrictions: We do not scrape LinkedIn profiles or access data beyond what is authorized through LinkedIn's official APIs. We do not automate LinkedIn messaging, posting, or connection requests. LinkedIn member data obtained through Community Management APIs is displayed within Skode only and cannot be exported or transferred to third-party systems. We use LinkedIn data only for the specific use cases approved in our LinkedIn Developer Platform application. When processing LinkedIn Lead Gen Form submissions, we capture and respect all consent preferences and custom consent texts configured by the advertiser.
Consent and Deletion: When your LinkedIn OAuth Access Token expires, you will be prompted to re-authenticate and re-consent before data collection resumes. You may withdraw your LinkedIn authorization at any time by visiting LinkedIn Settings > Data Privacy > Permitted Services and removing Skode, or by contacting us. Upon request, we will delete all LinkedIn-sourced data within 10 days. We will comply with any data deletion requests from LinkedIn within the timeframes specified in their API Terms and are prepared to certify compliance upon request.
LinkedIn data is processed in accordance with the LinkedIn API Terms of Use and LinkedIn Marketing Developer Terms. LinkedIn may audit our use of their APIs and data at any time. We maintain records and processes to demonstrate compliance with LinkedIn's API Terms of Use. All LinkedIn-sourced data is subject to the same GDPR and privacy rights described in Section 7 of this Privacy Policy.
4A.5 Google (OAuth, Calendar, Email)
When you sign in with Google or connect Google Workspace, we access:
- OAuth profile: Name, email address, and profile picture.
- Calendar data: Calendar events for CRM activity sync (if enabled by you).
- Email data: Email headers and content for email tracking and logging (if enabled by you).
Our use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4A.6 Snapchat (Snap Kit & Marketing API)
When you connect Snapchat to Skode via Snap Kit (Login Kit), you authorize access through Snap's OAuth flow. We may access:
- Profile data: Display name, Bitmoji avatar, and external ID for authentication and personalization.
- Conversions API (CAPI) data: Where Snap Conversions API is enabled, we share hashed event data (hashed email, hashed phone number, event type, timestamp) with Snapchat for ad optimization, measurement, and attribution. Users may opt out of Snap ad tracking through their Snapchat privacy settings.
- Marketing API data: Ad campaign performance data and audience insights for connected Snapchat advertising accounts.
Snap user data may be shared with sub-processors listed in Section 4 solely as necessary to provide the Services. We do not sell, share, or disclose Snap user data to third parties for their marketing purposes. Snap profile data is retained for a maximum of 36 months; accounts inactive for 90 days are automatically disconnected and associated data deleted. User-level Snap ad attribution data is removed after 2 months in compliance with Snap's data retention requirements. Where Snap Pixel is deployed, consent is obtained before Pixel activation in compliance with GDPR and ePrivacy requirements. See our Cookie Policy for Snap Pixel cookie details.
Our use of Snap data complies with the Snap Developer Terms, Snap Business Services Terms, Snap Conversion Terms, and the Snap Privacy Policy (incorporated by reference). US state privacy laws (including CCPA) apply to Snap user data. You may revoke Snap Kit access through Snapchat Settings and request deletion of Snap-sourced data via Data Deletion. Skode will certify deletion of Snap data upon Snap's request.
4A.7 Telegram (Bot API)
When you connect a Telegram Bot to Skode Flow, we access data through the Telegram Bot API when users interact with your connected Telegram bot. We may access:
- User identifiers: Telegram user ID, username, first name, last name, and language code of users who message your bot.
- Message data: Text content, media files (photos, documents, voice messages), and chat IDs for conversations with your bot.
- Interaction metadata: Timestamps, message delivery status, and callback query data.
Telegram data is used for delivering and receiving messages on your behalf, managing conversations, routing messages to the appropriate team member, providing AI-powered response suggestions (real-time processing only), and analytics. Telegram message content may be processed by AI systems (e.g., OpenAI) for real-time features such as suggested replies and conversation summaries. Telegram data is not used for training, fine-tuning, or developing machine learning or AI models. We only store Telegram data necessary for the messaging service functionality (data minimization).
We do not share Telegram user data with third parties without explicit user authorization or as required by law. Telegram data shared with sub-processors (listed in Section 4) is limited to what is necessary to provide the Services. Telegram data is retained for the duration of your subscription. Upon disconnection of the Telegram integration or account termination, Telegram data is deleted from active systems within 30 days. Backup purge completes within 90 days.
Our use of the Telegram Bot API complies with the Telegram Bot Developer Terms of Service and Telegram Privacy Policy. Users may request deletion of Telegram-sourced data by contacting us at privacy@skodeai.com. Deletion requests are processed within 30 days. Users can also block the bot at any time through Telegram to immediately stop data collection. In the event of a data breach affecting Telegram data, we will notify affected users in accordance with applicable laws.
5. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. For detailed information about the types of cookies we use, how to manage them, and your choices, please refer to our Cookie Policy.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with Services. Specifically:
- Account Data: Retained for the duration of your account plus 30 days after deletion request.
- CRM Data: Retained for the duration of your subscription. Upon termination, data is available for export for 30 days, then permanently deleted within 90 days.
- Billing Records: Retained for 7 years as required by tax and accounting regulations.
- Server Logs: Retained for 90 days for security and debugging purposes.
- Marketing Data: Retained until you unsubscribe or request deletion.
7. Your Privacy Rights
7.1 Rights Under GDPR (European Economic Area)
If you are located in the EEA, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your personal data ("right to be forgotten").
- Restrict processing of your personal data.
- Receive your data in a structured, machine-readable format (data portability).
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data protection authority.
7.2 Rights Under CCPA (California)
If you are a California resident, you have the right to:
- Know what personal information we collect about you.
- Request deletion of your personal information.
- Opt out of the sale of your personal information (we do not sell personal information).
- Not be discriminated against for exercising your privacy rights.
7.3 Rights Under Indian Data Protection Laws
If you are located in India, you have rights under the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. You may contact our Grievance Officer for any concerns.
7.4 Rights Under UK GDPR (United Kingdom)
If you are located in the United Kingdom, you have rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, including the rights to access, rectification, erasure, restriction of processing, data portability, and objection to processing. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. Our EU/UK representative can be contacted via our EU/UK Representative page.
7.5 Rights Under New Zealand Privacy Act 2020
If you are located in New Zealand, you have rights under the Privacy Act 2020, including the right to access your personal information, request correction of inaccurate information, and complain to the Office of the Privacy Commissioner. Under Information Privacy Principles (IPPs) 6 and 7, you may request access to and correction of any personal information we hold about you. We will respond to requests within 20 working days. To make a request, contact us at privacy@skodeai.com. You may also lodge a complaint with the Office of the Privacy Commissioner.
7.6 Rights Under UAE Personal Data Protection Law (PDPL)
If you are located in the United Arab Emirates, you have rights under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its Executive Regulations. Your rights include the right to access your personal data, request correction or deletion, restrict or object to processing, request data portability, and withdraw consent. We will process requests within 14 days. Personal data of UAE residents is processed in accordance with the requirements of the UAE Data Office. For requests, contact us at privacy@skodeai.com.
8. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Regular security audits and penetration testing.
- Access controls with role-based permissions and multi-factor authentication.
- Secure data centers with SOC 2 compliance.
- Regular backups with encrypted storage.
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. When we transfer data outside your jurisdiction, we ensure appropriate safeguards are in place:
9.1 EU/EEA Transfers
For transfers of personal data outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (adopted June 2021), the EU-US Data Privacy Framework where applicable, or adequacy decisions. We conduct Transfer Impact Assessments (TIAs) and implement supplementary technical measures (encryption, pseudonymization) where required.
9.2 UK Transfers
For transfers of personal data outside the United Kingdom, we rely on the UK International Data Transfer Agreement (UK IDTA) issued by the Information Commissioner's Office (ICO), and/or the UK Addendum to the EU Standard Contractual Clauses (the "UK Addendum"), as approved under Section 119A of the Data Protection Act 2018. Where the UK Government has made adequacy regulations recognising a country as providing adequate data protection, no additional safeguards are required for transfers to that country. We assess each transfer to ensure that the laws of the recipient country do not undermine the protections guaranteed by UK GDPR.
10. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at privacy@skodeai.com.
11. Third-Party Links and Services
Our Services may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.
13. Security Vulnerability Reporting
If you discover a security vulnerability in any Skode product or service, we encourage you to report it responsibly. Please email security@skodeai.com with a detailed description of the vulnerability, steps to reproduce, and any supporting evidence. We will acknowledge receipt within 2 business days and work to address confirmed vulnerabilities promptly. We request that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@skodeai.com
- Legal Inquiries: legal@skodeai.com
- Grievance Officer (India): View Details
- Data Deletion Requests: Submit a Request