ScopePilot – Privacy Policy

1. Who We Are

ScopePilot
Website: https://scopepilot.io
Email: [email protected]

If you are located in the European Economic Area (EEA) or the UK, we act as a data controller for the personal data we collect and process about you.

2. Information We Collect

We collect the following categories of information:

2.1 Information you provide

• Account information: email address, password (hashed), name (optional)
• Billing information: subscription details, limited billing metadata from payment processors
• User Content: project names and scope descriptions, client names (if provided), client requests, change orders and notes
• Support communications: emails or messages you send us

2.2 Information we collect automatically

• Usage information: pages visited, features used, timestamps, error logs, number of analyses or change orders
• Device and technical data: IP address, browser type and version, operating system, referring/exit pages
• Cookies and similar technologies: to maintain sessions, remember preferences, and understand how the Service is used

2.3 Information from third parties

• Payment processors (e.g. Stripe): payment status, limited billing data (we do not store full card details)
• Analytics/logging services: aggregated usage data
• AI providers: we may exchange data necessary for AI-powered features

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Create and manage your account
• Store your projects, scopes, and change requests
• Process payments and manage subscriptions
• Improve and develop the Service
• Communicate with you about updates, security, and support
• Maintain security and prevent abuse
• Comply with legal obligations

Where required by law, we rely on legal bases such as performance of a contract, legitimate interests, consent, and compliance with legal obligations.

4. AI and Third-Party Providers

ScopePilot uses third-party AI models to analyze scope and generate suggestions. We send only the data needed to produce the requested output (such as your project scope and client request text). We use reputable providers with appropriate security and data protection terms.

We also use third-party services for hosting, payments, email, analytics, and logging. Their use of your data is governed by their own policies.

5. How We Share Your Information

We do not sell your personal data.

We may share your information with:

• Service providers that process data on our behalf (hosting, payment, email, analytics, AI)
• Authorities or parties when required by law or to protect our rights or users
• In connection with a business transfer such as a merger, acquisition, or asset sale

We may use aggregated, anonymized data (that does not identify you) for analytics and business reporting.

6. International Transfers

Your data may be processed in countries outside your own, including outside the EEA. Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses or equivalent mechanisms.

7. Data Retention

We retain personal data only as long as necessary to:

• provide the Service;
• comply with legal obligations;
• resolve disputes and enforce agreements.

Account and project data are kept while your account is active. After account closure, data may be deleted or anonymized after a reasonable period, subject to legal requirements. Billing records may be kept longer where required by law.

8. Security

We implement reasonable technical and organizational measures to protect your data, including encryption in transit (HTTPS), access controls, and regular security updates.

No method of transmission or storage is completely secure. You are responsible for keeping your password and account credentials confidential.

9. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child without appropriate consent, we will delete it.

10. Your Rights

Depending on your location, you may have rights under data protection laws, including:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete data
• Erasure: request deletion of your data in certain circumstances
• Restriction: request limitation of processing in certain cases
• Portability: request your data in a structured, machine-readable format
• Objection: object to certain processing, including direct marketing
• Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding.

You may also lodge a complaint with a data protection authority in your country if you believe your rights have been violated.

11. Your Choices

You can:

• update your account information via settings (where available);
• opt out of marketing emails by using unsubscribe links or contacting us;
• control cookies through browser settings (some features may be affected);
• request deletion of your account by contacting us.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or in-app notice. The updated Policy is effective when posted on our website.

Your continued use of the Service after the effective date means you accept the updated Policy.

14. Contact

If you have questions or requests regarding this Privacy Policy or our data practices, contact us at:

ScopePilot
Email: [email protected]
Website: https://scopepilot.io