Skip to main content
Skode -- AI-powered CRM and messaging platform

California Consumer Privacy Act (CCPA) — Do Not Sell My Personal Information

Last updated: April 21, 2026

This page describes how Skode Technologies Private Limited ("Skode," "we," "us," or "our"), a private limited company incorporated in India with registered office at Thirumangalath, Chelavur, Kozhikode – 673571, Kerala, India, complies with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 and subsequent regulations in force on or after 1 January 2026 (collectively, "CCPA"). It outlines the rights available to California residents ("consumers") regarding their personal information.

We do not sell or “share” (as defined by CCPA/CPRA) personal information for cross-context behavioural advertising. We have not sold or shared personal information in the preceding 12 months and do not intend to.

This notice supplements our Privacy Policy and applies solely to visitors, users, and others who reside in the State of California.

1. Your Rights Under CCPA/CPRA

As a California resident, you have the following rights with respect to your personal information:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your personal information was collected, the business or commercial purpose for collecting your personal information, and the categories of third parties with whom we share your personal information.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions provided by law.
  • Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell or share your personal information to third parties.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information to only what is necessary for the purposes of providing our Services.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

2. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from consumers:

  • Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
  • Personal Information (Cal. Civ. Code Section 1798.80(e)): Name, address, telephone number, education, employment, employment history, and financial information (billing details processed by Stripe).
  • Commercial Information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (subscription plans, feature usage).
  • Internet or Other Network Activity: Browsing history, search history, information on a consumer's interaction with our website, application, or advertisements.
  • Geolocation Data: Approximate location derived from IP address.
  • Audio Information: Voice recordings submitted through our Voice AI feature (processed in real-time, not stored after transcription).
  • Professional or Employment Information: Job title, company name, and business contact details provided during account registration.
  • Inferences: Inferences drawn from the above categories to create a profile reflecting preferences, characteristics, and behavior (e.g., lead scoring, deal predictions).

2.1 Sensitive Personal Information

Under CCPA/CPRA, the following sub-categories of the personal information listed above are classified as Sensitive Personal Information (Sensitive PI). We collect these only to the extent our customers provide them to us or to the extent necessary to provide the Services:

  • Account credentials: Account passwords stored as PBKDF2-SHA256 hashes (we never see plain-text passwords).
  • Precise geolocation: Not collected by Skode. Approximate IP-derived location only, as listed under Internet Activity.
  • Financial account information: Limited to the last four digits, card brand, and expiry returned by our payment processors (Stripe, Razorpay). Full card numbers are never stored by Skode.
  • Contents of communications not addressed to Skode: If you use Skode Flow to send messages via WhatsApp, SMS, or email, or use Voice AI to capture call audio, the content of those communications is Sensitive PI.

California consumers have the Right to Limit Use and Disclosure of Sensitive Personal Information under CCPA § 1798.121. Skode uses Sensitive PI only to perform the Services, provide customer service, detect security incidents, resist malicious or fraudulent activity, and ensure the quality and safety of the Services — that is, only for purposes permitted without a limit request under 11 CCR § 7027. Because we do not use Sensitive PI to infer characteristics about you, no further limit request is required, but you may submit one by emailing privacy@skode.ai.

3. Categories of Sources

We collect personal information from the following categories of sources:

  • Directly from you: Information you provide when creating an account, entering data into the CRM, submitting support requests, or communicating with us.
  • Automatically: Information collected through cookies, web beacons, pixels, and similar technologies when you interact with our Services.
  • Third-party sources: Information received from OAuth providers (e.g., Google), payment processors (Stripe), and analytics services.
  • Integrations: Information synced from third-party services you connect to Skode (e.g., email providers, calendar applications).

4. Business Purpose for Collecting Personal Information

We collect and use personal information for the following business purposes:

  • Providing, maintaining, and improving our CRM and Flow platform services.
  • Processing transactions, managing subscriptions, and sending invoices.
  • Providing customer support and responding to inquiries.
  • Personalizing user experience and delivering relevant product recommendations.
  • Performing analytics and research to improve our Services.
  • Detecting, preventing, and addressing security incidents and fraudulent activity.
  • Complying with legal obligations and enforcing our Terms of Service.
  • Powering AI features (voice transcription, lead scoring, deal predictions, analytical tools) to enhance your CRM experience, using third-party AI service providers (currently OpenAI and Anthropic) under contractual service-provider arrangements, not “sales” or “shares” as defined under CCPA.
  • Sending marketing communications with your consent.

A complete and current list of our service providers and contractors, including those located outside the United States, is published at /legal/sub-processors/.

5. Sale and Sharing Disclosure

Skode does NOT sell your personal information. Skode does NOT share your personal information for cross-context behavioral advertising purposes.

We have not sold or shared personal information of consumers in the preceding 12 months. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

6. Do Not Sell or Share My Personal Information

Although Skode does not sell or share personal information as defined by the CCPA, we respect your right to opt out. If you wish to exercise your right to opt out of any future sale or sharing of your personal information, you may do so by:

We will action your opt-out request without undue delay and, in any event, within 15 business days of receipt as required by the CCPA regulations, and will not ask you to verify your identity for opt-out requests. Verifiable consumer requests to know, delete, or correct your personal information are separately governed by a 45-calendar-day response timeline, which we may extend once by up to 45 additional days where reasonably necessary, as permitted by Cal. Civ. Code § 1798.130(a)(2).

7. Right to Know

You may request that we disclose the following information covering the 12 months preceding your request:

  • The categories of personal information we collected about you.
  • The categories of sources from which we collected your personal information.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we share your personal information.
  • The specific pieces of personal information we collected about you.
  • If we sold or disclosed your personal information for a business purpose, a list of the categories of personal information sold or disclosed and the categories of recipients.

8. Right to Delete

You may request that we delete the personal information we have collected from you. Upon receiving a verified deletion request, we will delete your personal information from our records and direct any service providers to delete your personal information, unless an exception applies.

We may deny your deletion request if retaining the information is necessary to:

  • Complete a transaction or provide a service you requested.
  • Detect security incidents, protect against malicious or fraudulent activity.
  • Debug to identify and repair functionality errors.
  • Exercise free speech or another legal right.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code Section 1546 et seq.).
  • Comply with a legal obligation, including tax and accounting record-keeping requirements.
  • Make other internal and lawful uses compatible with the context in which you provided the information.

9. Right to Opt-Out of Sale or Sharing

As stated above, Skode does not sell or share your personal information for cross-context behavioural advertising. You nevertheless retain the right to opt out of any future sale or sharing. A “Do Not Sell or Share My Personal Information” link is also published conspicuously in the footer of our homepage.

9.1 Global Privacy Control (GPC)

We honour the Global Privacy Control (GPC) browser signal as a valid opt-out preference signal as required by 11 CCR § 7025 (effective 1 January 2026). When your browser transmits a GPC signal to our website, we automatically treat it as a request to opt out of sale and sharing and display a visible in-page confirmation message that your opt-out request has been honoured. You can test this at any time by enabling GPC in a supported browser (for example Firefox, Brave, or the Global Privacy Control browser extension) and visiting any page on skode.ai.

If our practices change in the future and we begin to sell or share personal information as those terms are defined under CCPA, we will update this notice, re-prompt for consent where required, and provide an additional opt-out mechanism alongside the GPC signal.

10. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through the use of discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you will receive a different price or rate for goods or services, or a different level or quality of goods or services.

11. How to Exercise Your Rights

To exercise any of the rights described above, you may submit a verifiable request by:

You may submit a request to know or delete up to two times within a 12-month period. We will respond to your verified request within 45 calendar days. If we require more time (up to an additional 45 days), we will inform you of the reason and extension in writing.

12. Verification Process

To protect your privacy and security, we must verify your identity before fulfilling your request. We will ask you to provide information that matches the information we have on file. Depending on the nature and sensitivity of the request, we may require:

  • Standard Verification: Matching at least two data points (e.g., name and email address associated with your account).
  • Enhanced Verification: For requests for specific pieces of personal information, matching at least three data points and a signed declaration under penalty of perjury.

If we cannot verify your identity, we may not be able to fulfill your request. We will notify you if this is the case.

13. Authorized Agents

You may designate an authorized agent to submit a request on your behalf. To do so, you must provide the authorized agent with written permission signed by you. We may also require you to verify your own identity directly with us and confirm that you have authorized the agent. If an agent submits a request without proper authorization, we will deny the request and notify the agent.

14. Financial Incentive Programs

We do not currently offer any financial incentive programs that require the collection or retention of personal information. If we offer such programs in the future, we will update this notice with the material terms, how to opt in, and how to withdraw.

15. Metrics

As required by the CCPA, we will compile and disclose metrics regarding consumer requests received during the previous calendar year, including the number of requests to know, delete, and opt out, and our median response time. These metrics will be published annually on this page.

16. Changes to This Notice

We may update this CCPA notice from time to time to reflect changes in our practices or applicable law. We will post the updated notice on this page with a revised "Last updated" date. Material changes will be communicated via email or in-app notification.

17. Contact Information

If you have any questions or comments about this notice, your rights under the CCPA, or our privacy practices, please contact us:

For Indian users, see also our Privacy Policy section on the Digital Personal Data Protection Act, 2023 and our Grievance Officer page.