Legal

Privacy Policy

Effective date: February 9, 2026

1. Introduction

ScopeFlag ("we," "our," or "us") operates the ScopeFlag application and website at scopeflag.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using ScopeFlag, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a cryptographic hash — we never store your plain-text password). You may also provide an optional business name and currency preference.

Project Data

We store the project information you create, including project names, client names, client email addresses, budgets, deliverables, exclusions, change requests, and activity logs. This data is necessary to provide the core functionality of ScopeFlag.

Usage Information

We may collect information about how you access and use the service, including your IP address, browser type, operating system, referring URLs, and pages visited. This helps us improve the service and diagnose technical issues.

3. How We Use Your Information

  • To provide, maintain, and improve the ScopeFlag service
  • To create and manage your account
  • To generate scope agreements and change request approval pages accessible to your clients via unique, secure links
  • To send service-related communications (account verification, security alerts, support responses)
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations and enforce our Terms of Service

4. Client-Facing Pages

ScopeFlag allows you to share scope agreement and change request approval pages with your clients via unique, token-based URLs. These pages display project information you have entered (project name, deliverables, exclusions, change request details, and your business name). Your clients do not need an account to view or interact with these pages.

We do not use client interactions on these pages for marketing purposes. Client actions (agreeing to scope, approving or declining change requests) are logged solely to provide you with an accurate project history.

5. Data Storage & Security

Your data is stored in a secured PostgreSQL database. We use industry-standard security measures including encrypted connections (HTTPS/TLS), bcrypt password hashing, and JWT-based authentication. While no method of transmission or storage is 100% secure, we take reasonable precautions to protect your information.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • With your consent — when you explicitly authorize sharing
  • Service providers — trusted third parties who assist in operating our service (hosting, analytics), bound by confidentiality obligations
  • Legal requirements — when required by law, regulation, or legal process
  • Safety — to protect the rights, safety, or property of ScopeFlag, our users, or the public

7. Cookies & Local Storage

ScopeFlag uses browser local storage to persist your authentication token and theme preference (light/dark mode). We do not use tracking cookies for advertising. We may use essential cookies for security and session management.

8. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate information via your account settings
  • Deletion — request deletion of your account and all associated data
  • Export — request an export of your project data

To exercise any of these rights, contact us at support@scopeflag.com.

9. Data Retention

We retain your account and project data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete your personal data and project data within 30 days, except where we are required to retain it for legal or compliance purposes.

10. Children's Privacy

ScopeFlag is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Your continued use of ScopeFlag after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

support@scopeflag.com