Privacy Policy

Scope Techlabs LLC (“Scope,” “we,” “us,” or “our”) operates the Scope Inspect platform (“Service”), a B2B SaaS solution for service businesses. This Privacy Policy describes how we collect, use, share, and protect information in connection with the Service, and explains the rights available to you regarding your data.

This Privacy Policy is incorporated by reference into our Terms of Service. By using the Service, you agree to the data practices described in this Privacy Policy.

2.1 Information You Provide. We collect information you provide directly, including:

2.2 Information Collected Automatically. When you access or use the Service, we automatically collect:

2.3 Information from Third Parties. We may receive information about you from:

• ·Payment processors (Stripe, Helcim): transaction confirmation and payment verification data
• ·Integration partners: data from third-party tools you connect to the Platform
• ·Publicly available sources: business contact information for account verification

2.4 Information Submitted by Customers About End Recipients (Platform Messaging). When a Customer uses the Service to send SMS or other messages to its own end consumers (for example, a service business sending service-appointment confirmations to homeowners), the Customer submits to Scope the mobile numbers, names, and message content needed to deliver those communications. Scope processes this information as a service provider on behalf of the Customer, solely to deliver, monitor, and log the requested messages. The Customer is the controller of, and is responsible for, the lawful collection and use of this information, including obtaining valid prior express consent (or, for marketing, prior express written consent) from each end recipient under the Telephone Consumer Protection Act (TCPA) and applicable carrier and CTIA requirements.

We use the information we collect for the following purposes.

3.1 Service Delivery. We use your information to provide and operate the Service, including:

• ·Provide, maintain, operate, and improve the Service
• ·Process subscription payments and manage billing
• ·Authenticate users and maintain account security
• ·Deliver AI-powered features: report generation, workflow automation, and business insights

3.2 AI Data Processing

3.3 Service Operations. We use your information for the following operational purposes:

• ·Communicate with you about your account, subscriptions, and service updates
• ·Provide customer support and respond to inquiries
• ·Send service-related notifications and promotional communications. You may opt out at any time

3.4 Product Development and Analytics. We use aggregated and de-identified data to improve the Service, including:

• ·Analyze usage patterns and feature engagement to improve the Service
• ·Develop new features using aggregate, de-identified data

3.5 Legal and Compliance. We process information as required to comply with applicable legal obligations:

• ·Comply with applicable laws, including FIPA breach notification obligations
• ·Respond to legal process, court orders, and lawful government requests
• ·Maintain records for audit, tax, and legal defense purposes

3.6 SMS and Text Message Communications (Scope-Originated)

Categories of SMS communications:

• ·Account verification and security codes (one-time passcodes)
• ·Account, billing, and subscription notifications
• ·Service status updates, outage alerts, and security advisories
• ·Customer support communications
• ·Product updates and feature announcements (where separately opted in)

3.7 Platform Messaging Originated by Customers (ISV / Reseller). Scope Techlabs LLC is registered as an Independent Software Vendor (ISV) Reseller with messaging service providers (including Twilio) and provides Customers with the technical infrastructure to send SMS communications to their own end recipients.

When a Customer uses this platform functionality:

• ·The Customer is the sender of record and the data controller for recipient information
• ·Scope acts as the messaging platform and service provider on the Customer's behalf
• ·Scope processes recipient mobile numbers and message content solely to deliver, monitor, and log the Customer's communications, and to provide related analytics to the Customer
• ·The Customer is solely responsible for obtaining valid prior express consent (and, for marketing content, prior express written consent) from each end recipient under TCPA, CTIA, and applicable carrier requirements before sending any SMS through the Service
• ·Scope does not use end-recipient mobile information for any purpose other than delivering the Customer's requested communications

End-recipient message profile (platform messaging):

• ·Categories: service-appointment scheduling, confirmations, reminders, day-of arrival updates, post-visit follow-up, service report delivery, and (where the end recipient has separately opted in) promotional offers from the Customer
• ·Frequency: up to twenty (20) messages per appointment cycle and up to four (4) promotional messages per end recipient per month
• ·Carrier charges: message and data rates from the recipient's wireless carrier may apply
• ·Opt-out: end recipients may reply STOP to any platform SMS to opt out of further messaging from the originating Customer. Scope automatically honors STOP requests across the platform
• ·Help: end recipients may reply HELP for assistance or contact the originating Customer directly using the contact information provided in messages

For EU / UK / EEA users, we process personal data on the following lawful bases under Article 6 GDPR:

5.1 Service Providers and Processors. We share information with the following third-party providers who process data on our behalf:

We share only the minimum data necessary for each provider to perform its function. Customer support is provided directly by Scope via email at support@scopeinspect.io. No third-party support, ticketing, or live-chat tool processes customer support communications at this time.

5.2 Legal Requirements. We may disclose information when required by law, court order, or lawful government request, or to protect the safety, rights, or property of Scope, our users, or the public.

5.3 Business Transfers. In connection with a merger, acquisition, or sale of substantially all of Scope’s assets, Customer Data may be transferred to the successor entity under the same privacy protections.

5.4 With Your Consent. We may share information in other circumstances with your prior written consent.

5.5 Mobile Information Sharing. No mobile information collected for SMS or text messaging purposes (including mobile phone numbers, opt-in records, and consent data) will be shared with third parties or affiliates for marketing or promotional purposes. Mobile information will be disclosed only to subcontractors and service providers acting on our behalf to deliver the Service (for example, the SMS gateway provider, customer support tooling, and billing platforms), and only to the extent necessary to deliver the requested communications. All other categories of data described in this Privacy Policy exclude text messaging originator opt-in data and consent. This opt-in information will not be shared with any third parties. For end-user-facing details on how SMS notifications work and how to opt out, see our SMS Notifications Opt-In Statement.

Cookies are small text files placed on your device when you access the Service. We also use local storage, session tokens, and web analytics beacons.

6.1 Essential Cookies (Required). Strictly necessary for the Service to function. Cannot be disabled without preventing Service access.

• ·Session tokens: maintain authenticated sessions
• ·Security cookies: CSRF protection and fraud prevention
• ·Load balancing cookies: server routing

6.2 Analytics Cookies. Used to understand how users interact with the Service and improve functionality.

• ·Google Analytics 4 cookies (Google LLC), including _ga, _ga_<container-id>, and Google Tag Manager identifiers: traffic measurement, feature usage analysis, and session reporting
• ·Performance monitoring: page load times and error rate tracking

You may disable analytics cookies in your browser settings without affecting Service access. To opt out of Google Analytics globally, install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.

6.3 Cookie Management. Manage cookie preferences through your browser settings. Disabling essential cookies will prevent Service access.

6.4 EU / UK / EEA Cookie Notice

6.5 Do Not Track. We do not currently respond to browser “Do Not Track” (DNT) signals, as no uniform industry standard exists. We will revisit this policy as standards develop.

7.1 Active Subscriptions. We retain Customer Data for the full duration of your active subscription.

7.2 Post-Termination Retention Schedule

7.3 Basis for 7-Year Retention. The extended retention period is maintained for the following reasons:

• ·Audit, tax, and financial compliance record-keeping
• ·Legal defense in connection with professional liability claims related to service records
• ·Applicable legal and regulatory record-keeping obligations

7.4 Deletion Rights and Carve-Outs. You may request deletion of your personal data at any time (Section 9). We will honor deletion requests except where retention is:

• ·Required by applicable law or regulation
• ·Necessary for the establishment, exercise, or defense of legal claims
• ·Required to complete outstanding transactions or contractual obligations
• ·Necessary for financial, audit, or tax record-keeping
• ·Necessary to evidence SMS consent for TCPA defense (records will be retained in a restricted, non-marketing form)

Scope implements commercially reasonable technical and organizational security measures, including:

• ·Encryption of data in transit (TLS) and at rest
• ·Access controls, role-based permissions, and multi-factor authentication
• ·Regular security monitoring, vulnerability assessments, and penetration testing
• ·Employee training on data security and privacy practices
• ·Contractual security obligations for all third-party processors

No security system is impenetrable. We cannot guarantee that Customer Data will never be accessed or disclosed by unauthorized parties.

8.1 Data Breach Notification

9.1 General Rights — All Users. Contact support@scopeinspect.io to exercise any of these rights. We will respond within 45 days.

9.2 California Residents — CCPA / CPRA

Categories of personal information collected in the last 12 months:

• ·Identifiers: name, email address, IP address, account credentials, mobile phone number (for opted-in SMS users)
• ·Commercial information: subscription records, transaction history
• ·Internet or electronic network activity: log data, usage data, cookie data
• ·Professional or employment-related information: job title, company name
• ·Customer-generated content: service reports, photographs, videos, customer records, business operational data
• ·SMS / messaging data: opt-in records, keyword history, delivery metadata

To submit a CCPA request, contact support@scopeinspect.io. We will verify your identity before processing. Authorized agents may submit requests with written authorization.

9.3 EU / UK / EEA Residents — GDPR

To exercise GDPR rights, contact support@scopeinspect.io. We respond within 30 days (extendable to 60 with notice). You may also lodge a complaint with your local data protection supervisory authority.

Scope is headquartered in the United States. Customer Data is stored and processed in the US on AWS infrastructure. For users in the EU, UK, or EEA, your personal data will be transferred to and processed in the United States.

10.1 Transfer Mechanisms. We rely on the following legal mechanisms for international data transfers:

• ·EU Standard Contractual Clauses (SCCs): European Commission-approved clauses for EU / EEA to US transfers
• ·UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom
• ·EU-US Data Privacy Framework (DPF): Where applicable, upon Scope's DPF certification

We apply the same security and data protection standards to all Customer Data regardless of processing location.

The Service is intended exclusively for business entities and their authorized representatives. We do not knowingly collect personal information from individuals under 13. If we discover we have collected such information, we will delete it promptly. Contact support@scopeinspect.io if you believe we have inadvertently collected information from a child under 13.

The Service may contain links to third-party websites, tools, or services. This Privacy Policy does not apply to third-party privacy practices. We encourage you to review the privacy policies of any third-party services you access. Scope is not responsible for the privacy practices or content of any third-party service.

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ advance notice via:

• ·Email to the address associated with your account
• ·In-app notification when you access the Service

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. A version history is maintained at scopeinspect.io/privacy.

For privacy-related questions, rights requests, data breach reports, or concerns about our data practices: