Security
Privacy & Security Protocols
1. Introduction
At Scope, we are committed to protecting your privacy. This policy explains how we collect, use, share, and retain personal information when you use our app integrated with our integrations and connected services.
2. Information We Collect
We collect only the data necessary to deliver, maintain, and improve our services. The types of data include: a. Account and Authentication Data - Name, email address, organization, and identifiers provided during sign-up or integration authorization. - OAuth tokens or access credentials securely stored and managed through cloud-native secrets managers. - Role and permissions metadata used to enforce access control. b. Integration Data (Authorized Access Only) - When users connect Scope to third-party applications, we may access data explicitly authorized through each platform’s permissions framework (e.g., Zoom meeting metadata, Slack messages, Google Drive files, Salesforce objects). We never collect or access data outside the approved scopes. c. Usage and Diagnostic Data - Logs, API call metadata, and error diagnostics for monitoring system health and improving performance. - Browser and device information required to secure sessions and prevent abuse. d. Optional Data Inputs - Users may upload documents, recordings, or structured data for AI-assisted analysis or project automation. These are processed solely for the requested purpose and remain under the customer’s control.
3. How We Use Information
We use information to: Deliver and maintain our core services, integrations, and AI features. Authenticate and authorize users. Detect, prevent, and respond to security incidents. Improve product performance and user experience. Comply with applicable legal, contractual, or regulatory obligations. We do not sell, lease, or share personal or customer data with third parties for marketing or unrelated purposes.
4. Data Security
Scope applies layered, enterprise-grade security controls across its infrastructure: - Encryption: All data in transit uses TLS 1.2 or higher; all data at rest uses AES-256 encryption. - Key Management: Encryption keys are stored and rotated through managed key services with strict access control. - Access Control: Role-based access, MFA, and least-privilege principles enforced across application, database, and cloud layers. - Isolation: Logical tenant separation ensures customer data remains isolated in multi-tenant environments. - Logging & Monitoring: Immutable logs, real-time alerting, and continuous threat detection across all critical systems. - Backups & Recovery: Encrypted, regularly tested backups stored separately from production environments. These measures align with industry standards such as SOC 2, HIPAA, and ISO 27001 security expectations
5. Data Retention and Deletion
We retain customer data only for as long as necessary to provide our services or as required by law. - Upon user or customer request, we securely delete data from active systems and flag backups for deletion per our retention schedule. - Deleted data is rendered irrecoverable across caches, logs, and linked records. - Customers can request data deletion by contacting privacy@scope.ai .
6. Sub-Processors and Data Transfers
Scope uses reputable cloud and infrastructure providers (such as Google Cloud Platform and AWS) that comply with recognized security frameworks. All sub-processors are vetted for data protection compliance and bound by data processing agreements. Data may be processed in the United States or other regions where our providers operate, subject to adequate safeguards (e.g., Standard Contractual Clauses for EU data subjects).
7. Incident Response and Notifications
We maintain a formal Incident Response Plan that defines escalation paths for security events, including detection, containment, remediation, and post-mortem review. If an incident results in unauthorized access to personal data, we will notify affected customers promptly and in accordance with applicable laws.
8. User Rights and Control
Depending on jurisdiction, users may have the right to: - Access, correct, or delete their data. - Restrict or object to certain processing activities. - Request export of their data in portable format. Requests can be submitted to privacy@scope.ai , and we will respond in accordance with applicable data protection laws (GDPR, CCPA, etc.).
9. Policy Updates
We may update this policy to reflect product, legal, or regulatory changes. Updates will be posted at the same URL with a revised “Effective Date.” Continued use of Scope after changes indicates acceptance of the updated policy.
10. Contact
Scope Security & Privacy Team - Email: privacy@scope.ai - Website: https://scope.ai