SC Scribe logo SC Scribe

Privacy Notice

Effective date: 29 May 2026

This Privacy Notice explains how SC Technology (PTY) LTD ("we", "us", "our") processes personal information when you use SC Scribe (the "Service"). This Service generates meeting minutes and related outputs from content you provide (such as audio recordings, documents, and meeting details).

If you do not agree with this Privacy Notice, do not use the Service.

1. What this Service is

The Service helps you create meeting minutes. It may transcribe audio into text and use AI to generate summaries, action items, and minutes based on the content you submit.

The Service is publicly accessible and does not require an account or login.

2. What information we process

Because meeting content can vary, the information processed may include personal information, confidential information, or sensitive information depending on what you submit.

2.1 Content you submit ("Customer Content")

This may include:

  • audio recordings you upload;
  • documents you upload (for example meeting agendas or prior minutes);
  • meeting details you enter into forms (for example meeting title and date);
  • text prompts or instructions you enter; and
  • generated outputs (minutes, summaries, action items).

2.2 Technical and operational information (logs)

We process technical information necessary to operate and secure the Service. This may include:

  • IP address;
  • timestamps;
  • browser/user agent details;
  • requested path/endpoints;
  • response codes and timing/latency metrics; and
  • error information (for example reverse-proxy or server errors).

3. How we use information (purposes)

We process information to:

  • provide the Service (including transcription and minutes generation);
  • maintain reliability and performance during beta testing;
  • prevent abuse, fraud, and security incidents;
  • diagnose technical issues; and
  • improve the Service based on aggregated usage patterns and feedback.

4. Where and how processing occurs

4.1 Our infrastructure

We host the Service on infrastructure located in South Africa (AWS Cape Town). Our server storage is encrypted.

4.2 Transcription provider (audio)

If you upload audio, we transmit it to our transcription provider using an EU processing endpoint to convert the audio to text. For our AssemblyAI account, we have opted out of data sharing for model improvement. After transcription reaches a terminal state in our workflow, we issue a delete request for that transcript.

4.3 AI provider (minutes generation)

We transmit transcript text and any uploaded documents used for context to our AI provider to generate minutes and related outputs. We currently use Anthropic Claude Opus through Amazon Bedrock, with requests made from the AWS Europe (Ireland) region using an EU geographic Bedrock inference profile. Under this configuration, AWS may route prompts and outputs within EU AWS Regions for inference, but the inference profile is intended to keep processing within the EU geography.

This regional processing posture supports our GDPR and POPIA alignment goals for users in South Africa, the United Kingdom, Europe, and elsewhere, but it is not a guarantee that your use of the Service will satisfy every compliance obligation that may apply to you.

Even with these controls, providers may still process limited operational metadata and may retain data where required for security, abuse prevention, legal, or compliance purposes under their policies.

4.4 Cross-border processing

Because we use third-party providers, your content may be processed in jurisdictions outside your own. For example, our application infrastructure is in South Africa, our transcription provider uses an EU endpoint, and our minutes-generation provider uses AWS Bedrock EU geographic inference. By using the Service, you acknowledge this cross-border processing.

5. Subprocessors (third-party providers)

We use third-party service providers ("Subprocessors") to provide functionality such as transcription and AI processing, and to host our infrastructure.

A current list of Subprocessors and their roles is available at: /subprocessors

We may update Subprocessors from time to time and will update this list accordingly.

6. Storage and retention

6.1 Server-side Customer Content processing

Our server-side application is designed to process Customer Content transiently and not to store it in an application database or object storage:

  • uploaded documents are handled during request processing and are not stored in our application database or object storage;
  • generated minutes are produced in memory and returned in the response and are not stored in our application database or object storage; and
  • Customer Content is discarded when processing completes (request lifecycle).

6.2 Browser-local session recovery

The Service uses browser localStorage to save a session snapshot on your device so that you can recover an in-progress session if you refresh the page or return to the Service. This browser-local snapshot may include transcript text, generated minutes, chat messages, prompts, meeting details, uploaded document filenames, and media file metadata such as name, size, type, and preview kind.

This snapshot is stored in your browser, not in our application database or object storage. The localStorage snapshot does not store the uploaded media file bytes or uploaded document file bytes.

Note: our Subprocessors may apply their own retention practices to data they process. Their handling of data is governed by their own policies and settings.

Current provider posture for this Service includes: Amazon Bedrock with Anthropic Claude Opus using an EU geographic inference profile, AssemblyAI EU endpoint usage, AssemblyAI account opt-out from model-improvement data sharing, and transcript deletion requests once processing reaches a terminal state in our workflow.

6.3 Operational logs

We keep standard server and web server logs for security, abuse prevention, reliability, and troubleshooting. These logs may contain IP address and other technical metadata described in section 2.2.

During beta, we do not yet publish a fixed log-retention period. We retain logs only as long as reasonably necessary for the purposes described in this Privacy Notice and may update retention practices as the Service matures.

7. Diagnostic uploads (optional, explicit opt-in)

If you experience an issue, the Service may offer a "Send diagnostic data" option.

If you choose to send diagnostic data, we will upload the relevant session data so we can investigate the issue. This may include:

  • transcript and conversation context for the current session;
  • generated minutes for the current session; and
  • uploaded documents used in the current session.

We will use diagnostic uploads only for support, debugging, performance analysis, and security investigations. Access is restricted to authorised personnel.

If you do not opt in, we will not request diagnostic uploads from you as part of standard use of the Service.

8. Cookies and similar technologies

The Service uses localStorage for legal acceptance versioning and browser-local session recovery as described in section 6.2. The Service does not currently use cookies to persist user content.

9. Human access and review

We generally do not review Customer Content. However, authorised personnel may access limited information where reasonably necessary for:

  • support and debugging (including where you opt in to diagnostic uploads);
  • investigating suspected abuse; and
  • security incident response.

We limit access to what is necessary for these purposes.

10. Security

We implement reasonable technical and organisational measures designed to protect information in transit and during processing. However, no system is perfectly secure and we cannot guarantee absolute security.

11. Your responsibilities

You are responsible for ensuring you have the right to submit meeting content and that you have obtained any necessary consents from meeting participants for recording, transcription, and processing (including cross-border processing where applicable).

You should avoid submitting unnecessary personal information and minimise sensitive content where reasonably possible.

12. Your choices and rights

Because the Service does not use accounts and is designed not to store Customer Content in our application database or object storage after processing, we may not be able to retrieve or delete content you submitted once processing completes. Browser-local session snapshots are stored on your device and can be removed by clearing the site data for the Service in your browser or by clearing/resetting the session in the Service where available.

You can choose:

  • not to use the Service if you are not comfortable with cross-border processing;
  • not to upload sensitive information;
  • not to use the optional "Send diagnostic data" feature; and
  • to contact us with questions or concerns.

13. Contact

If you have questions about this Privacy Notice or how we process information, contact:

support@sctechnology.co.za

https://sctechnology.co.za/

14. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Updates take effect when posted. Continued use of the Service after changes are posted means you accept the updated Privacy Notice.