Privacy Policy

We collect information you provide directly and data generated through your use of ScopeRun:

**Account Information:** • Name, email address, and password • Company/business name and contact details • Phone number and business address • Contractor license number (if provided)

**Business Data:** • Project details, budgets, timelines, and photos • Customer names, addresses, phone numbers, and email addresses • Invoice data, estimates, payment records, and expense receipts • Email content processed through the AI email assistant • Uploaded files, documents, and attachments

**Usage & Technical Data:** • App usage patterns, feature interactions, and session duration • Device type, operating system, and browser information • IP address and approximate location (for security and analytics) • Error logs and performance diagnostics

We use your information to provide, improve, and secure the ScopeRun service:

**Service Delivery:** • Creating and managing your account and projects • Generating invoices, estimates, and financial documents • Processing emails through AI to suggest categorization and replies • Storing and retrieving your business files and photos

**Product Improvement:** • Analyzing usage to improve features and user experience • Training and refining AI models for better email categorization and drafting • Identifying and fixing bugs or performance issues

**Security & Compliance:** • Protecting against unauthorized access and fraud • Complying with legal obligations and responding to lawful requests • Enforcing our Terms of Service

We take the security of your contractor business data seriously:

**Data Protection:** • All data is encrypted in transit (TLS 1.3) and at rest (AES-256) • Role-based access controls with Row-Level Security (RLS) on all database tables • Regular security audits and vulnerability assessments • Secure authentication with password hashing and optional Google OAuth

**Access Controls:** • You control which team members can access which projects • Customer invoice share links use unique, time-limited tokens • We do not access your data for purposes unrelated to service delivery

**Retention:** • Account data is retained while your subscription is active • Deleted data is permanently removed from active systems within 30 days • Backup data is retained for disaster recovery and purged per policy

We use select third-party providers to deliver ScopeRun. Each is vetted for security and privacy compliance:

**Cloud Infrastructure & Database:** • Lovable Cloud for secure data storage and authentication • Data centers with SOC 2 Type II certification

**Email Services:** • Email delivery providers for invoice notifications and account communications • AI email processing for categorization and draft suggestions

**Payment Processing (Future):** • Stripe for subscription billing and payment processing • Card data is handled directly by Stripe and never stored on our servers

**Analytics:** • Anonymous usage analytics to understand feature adoption and performance • No personally identifiable information is shared with analytics providers

We do not sell your data to third parties under any circumstances.

As a contractor using ScopeRun, you are responsible for the customer data you collect and store:

**Data You Collect:** • You must obtain appropriate consent from your customers to store their information • You are responsible for the accuracy of customer names, addresses, and contact details • You must comply with applicable data protection laws in your jurisdiction

**Best Practices:** • Only collect customer information necessary for your business operations • Use strong, unique passwords for your ScopeRun account • Enable two-factor authentication when available • Review and revoke team member access when no longer needed

**Limitations:** • ScopeRun provides the tools; you control what data enters the system • We cannot prevent you from uploading sensitive data you choose to include • You are responsible for complying with your own privacy obligations to your customers

You have control over your data:

**Access & Export:** • Request a copy of all data associated with your account • Export invoices, projects, and customer lists at any time

**Correction & Deletion:** • Update or correct your account information in Settings • Delete individual projects, customers, invoices, or files • Close your account to request complete data deletion

**Communications:** • Manage notification preferences in-app • Unsubscribe from marketing emails at any time

To exercise any of these rights, contact us at the email below.

If you have questions about this Privacy Policy or how we handle your data, please contact us:

**Email:** privacy@scoperunapp.com

**ScopeRun** Privacy Team California, USA

We will respond to privacy inquiries within 30 business days.

**Last Updated:** January 1, 1970

**Changes to This Policy:** We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of ScopeRun after changes constitutes acceptance of the updated policy.