Privacy Policy

Effective Date: February 10, 2026 Last Updated: February 10, 2026

1. Introduction

This Privacy Policy describes how Scaletalk Communications AS, operating under the trade name Xeritus ("Xeritus," "we," "us," or "our"), collects, uses, shares, and protects personal information.

Scaletalk Communications AS is registered in Norway at Vestenga 17, Nordre Follo, Norway.

This policy applies to all visitors of xeritus.com (the "Website") and all services provided by Xeritus.

Our dual roles. Xeritus acts as a data controller when we collect and process information from Website visitors, prospective customers, and marketing contacts. When Xeritus processes data on behalf of our healthcare provider clients through our Voice AI platform, we act as a data processor (or business associate under HIPAA). That processing is governed by our agreements with those clients and their own privacy policies, not this Privacy Policy.

Xeritus provides Voice AI technology for healthcare revenue cycle management.

2. Information We Collect

A. Information you provide directly

When you fill out a form, request a demo, or contact us, we may collect:

  • Name

  • Email address

  • Company name

  • Job title

  • The content of your message or inquiry

B. Information collected automatically

When you visit our Website, we automatically collect certain technical information, including:

  • Device type, browser type, and operating system

  • Pages visited, time spent on pages, click patterns, and referring URLs

  • IP address and approximate geolocation (country or region)

  • Cookies and similar tracking technologies (see Section 5 below)

C. Information processed on behalf of clients

When Xeritus processes data on behalf of our healthcare provider clients, we act as a data processor (or business associate under HIPAA). That processing is governed by our service agreements with those clients and their privacy policies. We do not describe that processing in this Privacy Policy, and we do not use client data for any purpose other than providing our contracted services.

3. How We Use Your Information

We use personal information collected through the Website for the following purposes:

Purpose Legal Basis (GDPR) Respond to your inquiries and provide support Legitimate interest (Art. 6(1)(f)) Provide and maintain our services Performance of a contract (Art. 6(1)(b)) Send marketing communications (only with your consent) Consent (Art. 6(1)(a)) Improve our Website and services Legitimate interest (Art. 6(1)(f)) Comply with legal obligations Legal obligation (Art. 6(1)(c)) Protect security and prevent fraud Legitimate interest (Art. 6(1)(f))

We do not use personal information collected through our Website to train AI models. Data processed on behalf of healthcare clients is governed by separate agreements and is never used beyond those specified purposes.

4. How We Share Your Information

We may share personal information with the following categories of recipients:

  • Service providers that help us operate our Website and business, including website hosting (Framer), email services (Google Workspace), and analytics providers (Google Analytics)

  • Professional advisors, including legal counsel, accountants, and auditors, as necessary for our business operations

  • Law enforcement or regulators when required by applicable law, legal process, or governmental request

  • Business transfer participants in the event of a merger, acquisition, reorganization, or sale of assets, in which case your information may be transferred as part of that transaction

We do not sell your personal information.

We do not share personal information for cross-context behavioral advertising.

We do not disclose Protected Health Information except as permitted by HIPAA and our Business Associate Agreements.

5. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies, categorized as follows:

  • Strictly necessary cookies enable core Website functionality. These cannot be disabled.

  • Analytics cookies (Google Analytics, Framer Analytics) help us understand how visitors use our Website so we can improve it.

  • Functional cookies remember your preferences to enhance your experience.

We do not use marketing or advertising cookies. We honor Global Privacy Control (GPC) and similar opt-out preference signals recognized under applicable state privacy laws.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Website functionality.

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Website inquiry data: 2 years from last interaction

  • Marketing contacts: Until consent is withdrawn, or 3 years from last engagement

  • Website analytics data: 26 months

  • Client service data: As specified in service agreements, subject to applicable retention requirements under HIPAA (6 years), FDCPA/Regulation F (3 years), and other applicable laws

7. Your Privacy Rights

All individuals

Regardless of your location, you may:

  • Request to know what personal information we hold about you

  • Request correction of inaccurate information

  • Request deletion of your personal information

  • Withdraw your consent to marketing communications at any time

California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know the categories and specific pieces of personal information we have collected about you

  • Request deletion or correction of your personal information

  • Opt out of the sale or sharing of personal information (we do not sell or share your information)

  • Limit the use and disclosure of sensitive personal information

  • Not be discriminated against for exercising your rights

  • Designate an authorized agent to make requests on your behalf

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email address, IP address), internet or other electronic network activity information (browsing history on our Website), and professional or employment-related information (company name, job title).

To exercise your rights, contact us at contact@xeritus.com. We will verify your identity before processing your request and respond within 45 days.

EEA and Norway residents (GDPR)

If you are located in the European Economic Area or Norway, you have the right to:

  • Access your personal data (Art. 15)

  • Rectification of inaccurate data (Art. 16)

  • Erasure of your data ("right to be forgotten") (Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Object to processing based on legitimate interests (Art. 21)

  • Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3))

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet): Postboks 458 Sentrum, 0105 Oslo, Norway — www.datatilsynet.no.

To exercise your rights, contact us at contact@xeritus.com. We will respond within 30 days.

Other US state residents

Residents of Colorado, Connecticut, Virginia, Texas, Oregon, and other states with comprehensive privacy laws may exercise similar rights as described above by contacting us at contact@xeritus.com.

8. International Data Transfers

Xeritus is headquartered in Norway. When you interact with our Website, your information may be transferred between Norway, the European Economic Area, and the United States.

  • EEA to US transfers: We rely on Standard Contractual Clauses (European Commission Decision 2021/914) or the EU-US Data Privacy Framework, where applicable, to ensure appropriate safeguards.

  • US to EEA/Norway transfers: The EEA is recognized as providing an adequate level of data protection.

All international data transfers are subject to appropriate safeguards under applicable data protection laws.

9. Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and employee training.

No method of electronic transmission or storage is 100% secure. If you have concerns about the security of your information, contact us at contact@xeritus.com.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under 18, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The updated version will be posted on this page with a revised "Last Updated" date. If we make material changes, we will notify you by email or through a prominent notice on our Website.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Scaletalk Communications AS (Xeritus) Vestenga 17 Nordre Follo, Norway

Email: contact@xeritus.com

For all privacy requests, including California consumer rights requests, GDPR data subject access requests, and general privacy inquiries, please email contact@xeritus.com.