Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the agreement between ScaleCapacity, Inc. ("Processor" or "ScaleCapacity") and you ("Controller" or "Customer") governing the processing of personal data through the SpeechTranslate platform (the "Service"). This DPA applies where ScaleCapacity processes personal data on behalf of the Customer.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person that is processed through the Service.
  • Processing: Any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or erasure.
  • Sub-processor: A third-party service provider engaged by ScaleCapacity to process Personal Data on behalf of the Customer.
  • Data Subject: The individual to whom Personal Data relates (e.g., callers, agents).

2. Scope and Purpose of Processing

ScaleCapacity processes Personal Data solely to provide the Service, which includes:

  • Audio streams: Real-time voice audio from callers and agents, processed for speech recognition, translation, and speech synthesis. Audio is streamed in transit and not persisted by ScaleCapacity unless call recording is explicitly enabled by the Customer's administrator.
  • Transcripts: Text transcriptions of speech, generated during the translation process and displayed to agents in real time. Transcripts may be stored when call history is enabled.
  • User account data: Name, email, role, and tenant affiliation for agents and administrators authenticated via Amazon Cognito or SAML 2.0 identity federation (Okta, Microsoft Entra ID).
  • Call metadata: Contact IDs, timestamps, language pairs, translation quality scores (TQI), sentiment indicators, and provider selection data used for ConnectIQ analytics.
  • AI interaction data: Queries and responses from AI Agent Assist (Amazon Bedrock Agents / AgentCore), including knowledge base retrieval results and action group invocations, processed within the Customer's tenant scope.

3. Customer's BYO Infrastructure

When the Customer deploys SpeechTranslate using Bring Your Own (BYO) infrastructure options, certain data processing occurs entirely within the Customer's own AWS account:

  • BYO Amazon Connect: Call audio, recordings, and Contact Lens analytics remain in the Customer's AWS account. ScaleCapacity accesses the Connect instance via cross-account IAM role or same-account permissions as configured by the Customer.
  • BYO AWS QuickSight: Datasets, SPICE storage, dashboards, and Generative Q&A queries execute in the Customer's QuickSight namespace. ScaleCapacity generates embed URLs via the Customer's cross-account role but does not copy or store dashboard data.
  • BYO Bedrock AgentCore: Knowledge bases, MCP gateway targets, and agent runtimes operate in the Customer's AWS account. ScaleCapacity invokes the AgentCore API on behalf of the Customer but does not persist conversation data outside the session.

For BYO deployments, the Customer acts as both Controller and infrastructure operator. ScaleCapacity's access is limited to the permissions granted via the IAM roles configured during the BYO wizard setup.

4. Sub-processors

ScaleCapacity uses the following categories of sub-processors to provide the Service. The Customer authorizes these sub-processors at the time of agreeing to this DPA:

Sub-processor | Purpose | Data Processed
Amazon Web Services (AWS) | Infrastructure, Transcribe STT, Polly TTS, Bedrock, Connect, QuickSight, Cognito | Audio, transcripts, user accounts, call metadata, AI interactions
Microsoft Azure | Azure Speech Services (STT) | Audio streams for speech recognition
Google Cloud Platform | Google Cloud Speech-to-Text, Text-to-Speech, Gemini Live S2S, Google Translate | Audio streams for STT/TTS/S2S, text for translation

ScaleCapacity will notify the Customer of any new sub-processors with 30 days' advance notice. The Customer may object to a new sub-processor by notifying ScaleCapacity in writing within 14 days of the notice.

5. Data Security

ScaleCapacity implements appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption in transit (TLS 1.2+) for all audio streams, API calls, and WebSocket connections
  • Encryption at rest for stored data using AWS KMS customer-managed keys
  • Tenant isolation — each customer's data is logically separated using per-tenant credentials, IAM policies, and Cognito user pools
  • Role-based access control (RBAC) with 23 granular feature permissions enforced at both frontend and API levels
  • Per-tenant credential isolation — third-party speech provider credentials (Azure, Google, Gemini) are stored in per-tenant AWS Secrets Manager secrets and are never shared across tenants
  • Security headers (CSP, HSTS, X-Frame-Options) enforced via CloudFront custom headers

6. Data Retention

  • Audio streams: Processed in real time and discarded after the call ends, unless call recording is enabled by the Customer.
  • Call recordings: Stored in the Customer's S3 bucket (BYO Connect) or in the platform's per-tenant storage. Retention period is configurable by the Customer's administrator.
  • Transcripts and metadata: Retained for the duration configured by the Customer. Default retention is 90 days for call history and analytics data.
  • User account data: Retained for the duration of the Customer's subscription. Deleted within 30 days of account termination upon written request.

7. Data Subject Rights

ScaleCapacity will assist the Customer in responding to requests from Data Subjects exercising their rights under applicable data protection laws (e.g., GDPR, CCPA), including rights of access, rectification, erasure, and data portability. The Customer is responsible for verifying the identity of Data Subjects before processing such requests.

8. Data Breach Notification

In the event of a confirmed Personal Data breach, ScaleCapacity will notify the Customer without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, categories and approximate number of affected Data Subjects, likely consequences, and measures taken to address the breach.

9. International Data Transfers

Personal Data may be processed in the AWS regions configured by the Customer. ScaleCapacity does not transfer Personal Data outside the regions selected during deployment unless required by the Customer's provider configuration (e.g., a Google Cloud Speech endpoint in a specific region). The Customer is responsible for selecting regions that comply with their data residency requirements.

10. Audit Rights

The Customer may audit ScaleCapacity's compliance with this DPA upon reasonable written notice (no more than once per year). ScaleCapacity will make available relevant documentation and cooperate with reasonable audit requests. For BYO deployments, the Customer has direct access to their own AWS infrastructure logs and CloudTrail for audit purposes.

11. Term and Termination

This DPA remains in effect for the duration of the Customer's use of the Service. Upon termination, ScaleCapacity will delete or return all Personal Data within 30 days, except where retention is required by applicable law. For BYO deployments, data in the Customer's AWS account is not affected by termination of this DPA.

Contact

For questions about this DPA or to submit a data subject request, contact us at:

ScaleCapacity Inc.

300 N Third Street, Suite 260

Burbank, California 91502

+1 833 777 2253

privacy@scalecapacity.com

Last Updated: April 10, 2026