Privacy policy.
How ScopeStack collects, uses, and protects your data when you work with us. We have written this in plain language so you know exactly where you stand.
Last updated: June 2026
This Privacy Policy explains how ScopeStack ("we," "us," "our") collects, uses, and protects information in connection with our website and our automation service. ScopeStack is a service business: we audit how your team works today, recommend the highest-leverage automation opportunities, and build custom automations directly into the tools you already use. We believe privacy policies should be clear and honest, so this is written in plain language.
1. How We Work With You
A typical engagement runs through a few stages, and it helps to understand them because they shape what data we handle:
- Audit. We review your current processes and tools to find where time and margin leak.
- Recommend. We map the automation opportunities that will return the most value.
- Build. We build custom automations into your existing tool stack rather than asking you to adopt a new platform.
The automations we build run inside the accounts and systems you already own and control. We do not host a separate software platform that your day-to-day operational data flows through.
2. What We Collect
We only collect data that you provide to us directly through our website, our scheduling and intake forms, our checkout process, or our communications with you. This typically includes your name, email address, company details you choose to share, and, where you make a purchase, the payment information needed to complete it.
During an engagement, you may also share documents, process details, or access to your own systems so that we can do the audit and build the automations. We treat that information as confidential and use it only to deliver the work you have engaged us for.
3. What We Do Not Collect
The automations we build operate within your own accounts and tools. Except where you deliberately share something with us to do the work, we do not collect, receive, store, access, or process:
- The ongoing operational data that flows through your tools after an automation is live
- Your customers' or clients' day-to-day records held inside your own systems
- Your account credentials or login information for the platforms you use
- Conversation history or content from any third-party AI tools you operate yourself
Where we are given temporary access to your systems to build or test an automation, we use it only for that purpose and for the duration agreed with you.
4. Third-Party Tools and Platforms
The automations we build connect to and run inside third-party tools that you already use (for example, your project management, CRM, email, or AI tools). We do not control how those platforms handle your data.
Your responsibility:
- Review and accept each platform's own privacy policy and terms of service
- Understand how each platform stores, retains, and may use the data you put into it
- Configure the privacy and data retention settings on those accounts according to your preferences
- Determine whether each platform's data practices meet your regulatory and contractual obligations
A note on AI tools: If an automation uses an AI platform such as Google Gemini, be aware that data handling can differ between personal accounts and business or workspace accounts. Business and workspace tiers generally offer stronger privacy controls and may exclude your data from model training. We recommend using a business or workspace account for all work-related automation.
We make no representations about how any third-party platform processes your data, and we are not responsible for their privacy practices.
5. How We Use Your Data
The data we collect directly from you is used for:
- Delivering the service: running the audit, scoping the work, and building and supporting your automations.
- Customer support: responding to your questions and troubleshooting issues.
- Service updates: letting you know about changes that affect the work we have done for you.
- Business operations: processing payments, managing engagements, and complying with tax and legal requirements.
- Improvement: understanding aggregate usage patterns on our website to make it better.
We do not sell your personal information. We do not share your personal data (name, email, purchase records) with third parties for their own marketing purposes.
6. Who We Share Data With
We share your data only with service providers necessary to operate our business, such as payment processing, form handling, scheduling, and analytics. The main providers we rely on are described in Section 8. Each provider is bound by its own privacy policy and data processing terms. We do not share your data with third parties for their own marketing purposes.
We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.
7. Data Retention
- Engagement and payment records are retained for the duration of our relationship plus any period required for tax, legal, or accounting purposes (typically up to 7 years for financial records).
- Support and project correspondence is retained for up to 24 months after the last interaction, then deleted.
- Intake and inquiry messages are retained until they are no longer needed for the purpose you contacted us about.
- Website analytics are collected in aggregate and do not contain personally identifiable information.
Any access we are granted to your own systems is removed at the end of the relevant engagement unless you ask us to retain it for ongoing support.
8. Cookies, Analytics, and Tools We Use
Our website uses cookies and similar technologies. These fall into two categories:
- Essential cookies: required for the website and forms to function. These cannot be disabled.
- Analytics cookies: help us understand how visitors use our website. These collect anonymous, aggregate data.
The third-party tools we use on our website and to run our business are:
- Google Tag Manager and Google Analytics 4: to measure how visitors find and use our website, in aggregate.
- FormSubmit: to deliver the messages you send through our website forms to our inbox.
- Cal.com: to let you book a call with us and to manage scheduling.
- Stripe: to process payments, for example for our $150 Gemini Gems. Stripe handles card details directly; we never store your card number.
You can manage your cookie preferences directly on this site at any time. You can also adjust your browser settings to block or delete cookies, though essential cookies cannot be disabled as they are necessary for the site to function.
9. Sensitive Data Guidance
When you share information with us, or set up automations that move data between tools, we strongly recommend avoiding the following types of data unless you have independently assessed each platform's compliance:
- Social Security numbers or government identification numbers
- Credit card numbers or financial account details (outside the secure Stripe checkout)
- Protected health information (PHI) subject to HIPAA
- Passwords, API keys, or authentication credentials sent through insecure channels
- Trade secrets belonging to your clients that are subject to an NDA
- Data subject to specific regulatory frameworks (PCI-DSS, FERPA, ITAR, and similar)
This guidance is provided as a best-practice recommendation, not as legal advice.
10. Your Rights
Depending on where you live, you may have rights regarding the personal data we hold about you, such as your name, email, and engagement records. To exercise any of these rights, contact us at the address in Section 15. We will respond within 30 days.
California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.
EU and EEA residents (GDPR): Our legal basis for processing your data is contract performance and legitimate interest. You may lodge a complaint with your local data protection authority.
11. Data Security
We take reasonable measures to protect the data we hold, including:
- Encrypted transmission (HTTPS/TLS) for all website and checkout interactions
- Secure payment processing through Stripe, a PCI-compliant provider (we never store card numbers)
- Access controls limiting who within our organization can view customer data
- Regular review of the security practices of the third-party providers we rely on
No method of electronic transmission or storage is 100 percent secure. While we strive to protect your information, we cannot guarantee absolute security.
12. Children's Privacy
Our service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
13. International Data Transfers
Our business is based in the United States. If you are located outside the United States, your personal data (name, email, engagement records) will be transferred to and processed in the United States.
Data handled by the third-party tools described in this policy, or by tools you connect through an automation, may be processed in various jurisdictions depending on each provider's infrastructure. Please review their privacy policies for details.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.
Your continued use of our website and services after changes take effect constitutes your acceptance of the revised policy.
15. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, reach out to us at scopestackai@gmail.com.