Legal
Privacy Policy
Last updated: january 1, 2026 · Effective: january 1, 2026
1. Introduction
ScopeGrid, Inc. ("ScopeGrid", "we", "us", or "our") is committed to protecting the privacy of individuals who access or use our enterprise platform and services (collectively, the "Services"). This Privacy Policy explains what personal data we collect, how we use it, the legal bases for processing, your rights as a data subject, and how to contact us regarding privacy matters. This Policy applies to all users of ScopeGrid's platform, website visitors, and individuals who contact us.
2. Data We Collect
We collect the following categories of personal data: Account Information (name, email address, job title, company name, phone number) when you register or interact with us. Usage Data (platform actions, feature usage, access logs, session data, IP address, browser type, device information). Project and Business Data that you input into the platform, including scope documents, stakeholder information, and organizational data. Communication Data including messages, support inquiries, and emails. Payment and Billing Information processed through our PCI-compliant payment processor. Cookies and Tracking Data as described in our Cookie Policy.
3. How We Use Your Data
We use your personal data to: provide, operate, and improve our Services; authenticate your identity and maintain account security; process transactions and send related communications; respond to your inquiries and provide customer support; send product updates, security notices, and administrative messages; analyze platform usage to improve performance and user experience; comply with legal obligations and enforce our terms; detect, prevent, and address security incidents and technical issues. We do not sell your personal data to third parties for advertising purposes.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data under the following legal bases: Contract Performance — to provide the Services you have contracted; Legitimate Interests — for platform security, fraud prevention, and product improvement; Legal Obligation — to comply with applicable laws and regulations; Consent — for marketing communications, which you may withdraw at any time.
5. Data Sharing and Third Parties
We may share your data with: Service Providers who assist in operating our platform (hosting, analytics, payment processing, email delivery) under strict data processing agreements. Professional Advisors (attorneys, accountants) under confidentiality obligations. Law Enforcement when required by applicable law or valid legal process. Business Transfers in the event of a merger, acquisition, or sale of assets, with prior notice to affected users. We do not share customer project data with any third party for their own commercial purposes.
6. International Data Transfers
ScopeGrid operates globally. Data may be transferred to and processed in countries outside your country of residence, including the United States. We implement appropriate safeguards for international transfers including Standard Contractual Clauses (SCCs) approved by the European Commission, and Data Processing Agreements compliant with applicable data protection laws.
7. Data Retention
We retain personal data for as long as your account is active and as necessary to provide our Services. Account data is retained for 7 years following account closure for legal compliance purposes. Project and business data is retained per your organization's settings or deleted within 90 days of account termination upon request. We will promptly delete or anonymize personal data upon verified request where no legal retention obligation applies.
8. Your Rights
Depending on your jurisdiction, you may have the following rights: Access — request a copy of your personal data; Rectification — correct inaccurate data; Erasure — request deletion of your data; Restriction — limit how we process your data; Portability — receive your data in a structured format; Objection — object to processing based on legitimate interests; Withdrawal of Consent — at any time for consent-based processing. To exercise these rights, contact us at privacy@scopegrid.io.
9. Security
We implement industry-standard technical and organizational measures to protect your personal data, including AES-256 encryption, access controls, regular security audits, and employee training. However, no system is completely immune to security risks. We encourage you to use strong, unique passwords and report any suspected security incidents to security@scopegrid.io.
10. Contact Us
For privacy inquiries, data subject requests, or to reach our Data Protection Officer, contact us at: ScopeGrid, Inc., Attn: Privacy Team, privacy@scopegrid.io. For EU/EEA residents, you also have the right to lodge a complaint with your local supervisory authority.
