Emunet

Privacy & Security

Effective Date: 6/1/26 Last Updated: 6/1/26

This Privacy Policy explains how Scudio LLC, a Delaware limited liability company, including where applicable Scudio LLC doing business as Emunet ("Scudio," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with our websites, the Scudio content-filtering software and services (the "Software" or "Service"), and related products and features.

This Privacy Policy uses certain defined terms — including "Administrator," "Monitored User," "Customer," "Device," "Distribution Partner," "Branded Offering," "Processing Node," "Edge Processing," "Remote Processing," "Filtering Standards," and "Service Data" — with the meanings given to them in our End User License Agreement ("EULA"). This Privacy Policy supplements, and should be read together with, the EULA.

A note on branding. The Software may be offered under the "Emunet" brand, the "Scudio" name, or the brand of a third-party Distribution Partner (a "white-label" or co-branded offering). Regardless of the brand presented to you, the underlying Software is provided by Scudio and this Privacy Policy describes Scudio's practices. A Distribution Partner may publish its own privacy policy that also applies to a Branded Offering; where a Distribution Partner's policy conflicts with this one, the Distribution Partner's policy governs the data it independently controls, and this Policy governs Scudio's practices.

 

  1. Scope of This Policy

This Privacy Policy applies to:

1.1. Our Websites. Information collected when you visit our websites, marketing pages, support portals, and account portals (the "Sites").

1.2. The Software and Service. Information processed in connection with installing, activating, configuring, administering, and using the Software, including device agents, browser extensions, mobile applications, and Processing Nodes.

This Policy does not govern: (a) the practices of Distribution Partners, Customers, Administrators, employers, schools, or organizations that independently determine how to use the Software or any data it generates; or (b) third-party websites, services, or platforms that we link to or that interoperate with the Software, which are governed by their own privacy policies.

 

  1. The Roles of the Parties

Because the Software is often deployed by one party to filter or manage Devices used by another, the role we play depends on the context:

2.1. Where we determine the purposes and means of processing — for example, operating our Sites, managing accounts, and improving the Software — we act as a controller (or business) of that information.

2.2. Where a Customer, Administrator, organization, school, employer, or Distribution Partner uses the Software to filter, monitor, manage, or report on Devices and Monitored Users, that party generally determines the purposes of processing, and we process the related Service Data on their behalf as a processor (or service provider), subject to their configuration and instructions and to applicable law.

2.3. Administrators control significant aspects of processing. Administrators may configure Filtering Standards, choose Edge or Remote Processing, select storage locations, set retention, and decide who may access reports, logs, and alerts. Customers and Administrators are responsible for the lawfulness of their configuration and use, including providing required notices and obtaining required consents.

 

  1. Information We Collect

3.1. Information You Provide Directly

  • Account and contact information, such as name, email address, phone number, organization or community name, role, and billing or payment information (which may be processed by a third-party payment processor or Distribution Partner).
  • Support and communications, such as the contents of support tickets, emails, chats, and survey or feedback responses.
  • Configuration and policy information, such as the Filtering Standards, categories, allowlists, blocklists, exceptions, and settings you choose.

3.2. Website Information

When you use the Sites, we may collect:

  • Log and usage data, such as IP address, browser type, referring pages, pages viewed, and timestamps.
  • Cookies and similar technologies, as described in Section 8 (Cookies and Analytics).

3.3. Product Telemetry and Device Characteristics

To operate, secure, maintain, troubleshoot, and improve the Software, we automatically collect:

  • Product telemetry, such as error reports, crash data, fault and exception logs, diagnostic information, performance metrics, feature usage, configuration state, version and update status, license and activation status, and security and integrity events.
  • Device characteristics, such as device make, model, type, operating system and version, browser and version, hardware identifiers, device or installation identifiers, network type, and language and region settings.

This product telemetry and these device characteristics are not intended to, and do not, include the private content of a Monitored User's communications, the substance of browsing activity, files, images, video, messages, or other private personal data — except in the three limited circumstances described in Section 3.4.

3.4. Limited Circumstances Where Additional Activity Data Is Transmitted

There are three specific situations in which data beyond standard telemetry is transmitted to us:

(a) Opt-In Diagnostic Sharing. Where a user or Administrator manually elects, through the Software's control panel or settings, to share additional usage, diagnostic, or activity data — typically on a limited-time or session basis — to help us investigate and resolve a specific issue, the data shared during that period may include additional usage or activity information. This sharing is initiated by the user or Administrator, can be turned off, and is used only to diagnose and resolve the issue.

(b) Access and Unblock Requests. Where a user or Administrator submits a request to access, unblock, allow, review, or reclassify a website, page, domain, or resource that the Software has blocked or restricted, the requested URL, domain, or resource identifier, together with related request context, is transmitted to us (and, depending on configuration, to the applicable Administrator or Distribution Partner) so that the request can be received, evaluated, and responded to.

(c) Mobile Application Inventory for Categorization. When the Software is activated on a mobile Device, and when a new application is later installed on that Device, the Software collects the list of applications installed on the Device and transmits it to our backend so that those applications can be categorized and the Software can determine how to filter, handle, or apply policy to them. We use this application-inventory data solely for categorization, do not retain or store it after categorization is complete, and discard it upon completion of categorization.

3.5. Filtering and Activity Data

When the Software filters, classifies, or enforces policy, it may generate logs, reports, alerts, classifications, and event records relating to Filtered Content and Monitored User activity (such as blocked or allowed events, categories, and policy decisions). How this data is processed and where it is stored depends on your deployment and is described in Section 4 (How Data Is Processed and Stored).

3.6. Remote Processing Data

In Remote Processing deployments, traffic, content, metadata, DNS requests, URLs, files, images, video, network activity, device information, policy information, and classification results may be transmitted to or through one or more Processing Nodes for classification, filtering, inspection, policy enforcement, logging, reporting, alerting, troubleshooting, security, and performance optimization. See Section 4.

3.7. Information From Other Sources

We may receive information from Distribution Partners, resellers, payment processors, and service providers (for example, billing status or account provisioning information) in connection with providing the Software.

 

  1. How Data Is Processed and Stored

4.1. Edge and Remote Processing. Depending on your deployment, filtering may occur locally on the Device (Edge Processing), remotely through a Processing Node (Remote Processing), or through a combination of both. A Processing Node may be operated by you or your organization, by a Distribution Partner, or by Scudio.

4.2. Customer-Controlled Storage. Where applicable to your deployment, filtering and activity logs may be written to storage that you, your organization, or your Distribution Partner owns or controls, including customer-owned cloud storage.

4.3. Limited-Access / Zero-Knowledge Deployments. In certain deployments, we operate on a limited-access or zero-knowledge basis with respect to such logs, meaning we do not access their contents except as necessary to provide, secure, troubleshoot, support, or improve the Software, as directed by you, as configured by your Administrator or Distribution Partner, or as required by law.

4.4. Variation by Deployment. The specific processing architecture, data flows, storage location, access model, and retention applicable to your deployment may vary and may be further described in the Documentation, order terms, Distribution Partner terms, or applicable data processing terms.

 

  1. How We Use Information

We use information for the following purposes:

  • To provide, activate, configure, operate, and maintain the Software and Sites;
  • To perform content classification, filtering, and policy enforcement according to applicable Filtering Standards;
  • To categorize applications and content so the Software knows how to handle them;
  • To process and respond to access, unblock, and reclassification requests;
  • To secure the Software, detect and prevent fraud, abuse, tampering, circumvention, and counterfeiting, and protect the integrity of the Service;
  • To provide customer and technical support, including diagnosing and resolving issues (including through opt-in diagnostic sharing);
  • To process transactions, manage accounts, and communicate with you about your account, the Service, and changes to our terms;
  • To analyze and improve the Software and Sites, including through aggregated or de-identified usage data;
  • To comply with legal obligations and enforce our agreements; and
  • For other purposes disclosed to you or to which you consent.

 

  1. How We Disclose Information

We do not sell personal information. We may disclose information in the following ways:

6.1. To Administrators, Customers, and Distribution Partners. Depending on configuration, Administrators and Distribution Partners may have access to certain Service Data, reports, logs, alerts, filtering events, policy settings, and Device status. Monitored Users should not assume that activity on a managed Device, browser, network, account, or profile is private from the applicable Administrator. We are not responsible for how a Customer, Administrator, school, employer, parent, guardian, organization, community, or Distribution Partner uses information made available to them.

6.2. To Service Providers and Sub-Processors. We share information with vendors who process it on our behalf — such as cloud hosting and infrastructure providers, analytics providers, payment processors, communication and support-tooling providers, and security providers — under contracts that limit their use of the information to providing services to us. [A current list of sub-processors can be provided or published at [link].]

6.3. For Legal and Safety Reasons. We may disclose information to comply with law, regulation, legal process, or governmental request; to enforce our agreements; or to protect the rights, property, safety, or security of Scudio, our users, or others.

6.4. In Business Transfers. We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, change of control, sale of assets, or similar transaction.

6.5. With Your Direction or Consent. We may disclose information at your direction or with your consent.

 

  1. No Sale of Personal Information

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. state privacy laws.

 

  1. Cookies and Analytics

8.1. Cookies. The Sites may use cookies and similar technologies for essential functionality, preferences, security, and analytics. You can control cookies through your browser settings; disabling some cookies may affect functionality.

8.2. Analytics. We may use analytics tools to understand how the Sites and the Software are used so we can improve them. [Identify analytics providers and link to their policies; configure to minimize collection of personal data where feasible.]

8.3. Do Not Track. Our Sites do not currently respond to "Do Not Track" browser signals. We honor recognized opt-out preference signals where required by applicable law.

 

  1. Data Retention

9.1. We retain personal information for as long as necessary to provide the Software and Sites, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

9.2. Mobile application-inventory data collected for categorization (Section 3.4(c)) is not retained after categorization is complete and is discarded upon completion of categorization.

9.3. Opt-in diagnostic data (Section 3.4(a)) is retained only as needed to diagnose and resolve the relevant issue and in accordance with applicable retention practices.

9.4. Filtering and activity logs stored in customer-controlled storage are retained according to the retention settings configured by the Customer, Administrator, or Distribution Partner, who are responsible for those settings.

9.5. We may retain aggregated or de-identified information, which does not identify you, for longer periods.

 

  1. Data Security

10.1. We use administrative, technical, and organizational measures designed to protect information, including measures appropriate to limited-access and zero-knowledge deployments. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Where a Processing Node or other infrastructure is owned, operated, or controlled by a Customer, Administrator, organization, or Distribution Partner, that party is responsible for securing and maintaining it, including access controls, encryption settings, network configuration, monitoring, and incident response.

10.2. Incidental Data and Limitation of Liability. The Software is designed so that standard product telemetry does not include private browsing data or the content of Monitored User activity, except in the limited circumstances described in Section 3.4. Given the nature of content filtering, inspection, classification, and Remote Processing, however, private browsing data, URLs, content, or Monitored User activity may on occasion be transmitted to, routed through, inspected by, processed by, cached in, or stored within the Software, a Processing Node, or our systems incidentally or unintentionally. To the maximum extent permitted by applicable law, we are not liable for any such incidental or unintended receipt, processing, or storage of private browsing data or activity. Any liability relating to the Software is governed by, and subject to the disclaimers, exclusions, and limitations of liability set forth in, the EULA, and this Privacy Policy does not create any warranties, representations, or liabilities beyond those provided in the EULA.

 

  1. Children's Privacy

11.1. The Software is often used to protect minors. A core purpose of the Software is to allow parents, guardians, schools, and other authorized Administrators to filter and manage Devices used by minors. In that context, the Administrator — not Scudio — determines what to filter and how, and we process related data on the Administrator's behalf and at their direction.

11.2. Parental and institutional consent. Where the Software is installed on a minor's Device, the Administrator represents that they are the parent or legal guardian, are acting under the authority of the parent or legal guardian, or are otherwise authorized to install and configure the Software with respect to that minor and to provide any consent required by law, including under the Children's Online Privacy Protection Act ("COPPA") and other applicable children's privacy laws.

11.3. Our Sites are directed to adults. Our Sites and account/administration functions are intended for adults (such as parents, guardians, Administrators, and organizational purchasers), and we do not knowingly collect personal information directly from children through the Sites for our own purposes. If you believe a child has provided us personal information in a manner inconsistent with this Policy, please contact us using Section 15 and we will take appropriate steps.

 

  1. Your Rights and Choices

12.1. General. Depending on your location and your relationship to the Software, you may have rights to access, correct, delete, or obtain a copy of personal information, to object to or restrict certain processing, and to withdraw consent.

12.2. Requests directed to the right party. Because Administrators and Distribution Partners often control Monitored User data, requests relating to that data may need to be directed to the relevant Administrator or Distribution Partner, and we may refer such requests to them or assist them in responding, consistent with our role as a processor or service provider.

12.3. How to exercise rights. To make a request regarding information for which we are the controller, contact us using Section 15. We will verify and respond as required by applicable law, and we will not discriminate against you for exercising your rights.

 

  1. U.S. State Privacy Rights

13.1. California (CCPA/CPRA). California residents may have rights to know, access, correct, and delete personal information, and to opt out of the "sale" or "sharing" of personal information and certain uses of sensitive personal information. As stated in Section 7, we do not sell or share personal information as those terms are defined. California residents may also designate an authorized agent to make requests.

13.2. Other U.S. States. Residents of other states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights to access, correct, delete, and obtain a copy of personal information, and to opt out of targeted advertising, sale, and certain profiling.

13.3. Sensitive Information. Some information processed by the Software — for example, a Monitored User's installed-application list or requested URLs — may be considered sensitive under certain laws. We process such information only as described in this Policy and the EULA, and Customers and Administrators are responsible for any consents required for their configuration and use.

13.4. Exercising State Rights. To exercise these rights, contact us using Section 15. Where we act as a processor or service provider for an Administrator or Distribution Partner, we will refer or support requests as appropriate.

 

  1. International Users and Data Transfers

14.1. We are based in the United States, and information we process may be stored and processed in the United States or other countries, which may have different data-protection laws than your jurisdiction.

14.2. Where the EU/UK GDPR or similar laws apply, we process personal data on lawful bases including performance of a contract, legitimate interests, compliance with legal obligations, and consent, and we implement appropriate safeguards for international transfers where required. Individuals in these jurisdictions may have additional rights, including to lodge a complaint with a supervisory authority.

 

  1. Contact Us

If you have questions about this Privacy Policy or our practices, or wish to exercise your rights, contact us at:

Scudio LLC, also doing business as Emunet www.emunet.com

If you reached the Software through a Distribution Partner or Branded Offering, you may also contact that Distribution Partner regarding data it controls.

  1. Governing Law

This Privacy Policy and any dispute relating to it are governed by the laws of the State of New York, without regard to its conflict-of-laws principles, except where applicable data-protection law requires otherwise.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last Updated" date and, where required by law or for material changes, provide additional notice (such as in-product notice, email, or a notice on the Sites). Your continued use of the Sites or the Software after the changes take effect constitutes acceptance of the updated Policy.