Legal

Privacy Policy

Scope Techlabs LLCVersion 1.0Effective: March 19, 2026Governing Law: State of Florida

Important Notice — Please Read Carefully

By creating an account, clicking “I Agree,” or otherwise accessing or using the Service, you agree to the data practices described in this Privacy Policy. This policy is incorporated by reference into our Terms of Service.

1

Introduction and Scope

Scope Techlabs LLC (“Scope,” “we,” “us,” or “our”) operates the Scope Inspect platform (“Service”), a B2B SaaS solution for home services companies and service businesses. This Privacy Policy describes how we collect, use, share, and protect information in connection with the Service, and explains the rights available to you regarding your data.

This Privacy Policy applies to:

  • ·Customers: businesses and organizations that subscribe to and access the Service
  • ·Authorized Users: employees, contractors, and agents of Customers who use the Service
  • ·Visitors: individuals who visit our website or contact us directly

This Privacy Policy is incorporated by reference into our Terms of Service. By using the Service, you agree to the data practices described in this Privacy Policy.

2

Information We Collect

2.1 Information You Provide. We collect information you provide directly, including:

Account and Registration Data: name, email address, company name, job title, phone number, and account credentials.

Subscription and Billing Data: billing address and subscription tier. Payment card information is processed directly by our third-party payment processors (Stripe, Helcim) and is not stored by Scope.

Customer Data: inspection reports, photographs, video recordings, customer records, business operational data, and all other content you upload or create through the Service.

Communications Data: information you provide when contacting our support team, submitting feedback, or communicating with us by email or through the Platform.

2.2 Information Collected Automatically. When you access or use the Service, we automatically collect:

Log Data: IP addresses, browser type and version, operating system, device type and identifiers, pages accessed, actions taken, access timestamps, and referring URLs.

Usage Data: feature usage patterns, session duration, interaction data, and engagement metrics.

Cookie and Tracking Data: data collected through cookies and similar tracking technologies as described in Section 6.

2.3 Information from Third Parties. We may receive information about you from:

  • ·Payment processors (Stripe, Helcim): transaction confirmation and payment verification data
  • ·Integration partners: data from third-party tools you connect to the Platform
  • ·Publicly available sources: business contact information for account verification
3

How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery. We use your information to provide and operate the Service, including:

  • ·Provide, maintain, operate, and improve the Service
  • ·Process subscription payments and manage billing
  • ·Authenticate users and maintain account security
  • ·Deliver AI-powered features: report generation, workflow automation, and business insights

3.2 AI Data Processing

AI Processing Disclosure — Customer Data may be processed by Scope’s AI systems to generate inspection reports, automate workflows, and produce business insights. Customer Data is NOT used to train shared or publicly available AI models without your prior written consent. Customer Data may be routed through third-party AI infrastructure providers solely to deliver AI features. All AI-generated outputs require review and validation by you; Scope is not responsible for decisions made based on AI outputs without independent verification.

3.3 Service Operations. We use your information for the following operational purposes:

  • ·Communicate with you about your account, subscriptions, and service updates
  • ·Provide customer support and respond to inquiries
  • ·Send service-related notifications and promotional communications — you may opt out at any time

3.4 Product Development and Analytics. We use aggregated and de-identified data to improve the Service, including:

  • ·Analyze usage patterns and feature engagement to improve the Service
  • ·Develop new features using aggregate, de-identified data

3.5 Legal and Compliance. We process information as required to comply with applicable legal obligations:

  • ·Comply with applicable laws, including FIPA breach notification obligations
  • ·Respond to legal process, court orders, and lawful government requests
  • ·Maintain records for audit, tax, and legal defense purposes
4

Legal Basis for Processing (GDPR)

Applies to: EU / UK / EEA Users

This section applies to users and data subjects located in the EU, UK, or EEA. If you are not in these jurisdictions, this section is provided for transparency but may not apply to you.

For EU/UK/EEA users, we process personal data on the following lawful bases under Article 6 GDPR:

Lawful BasisGDPR ReferenceProcessing Activities
Contract PerformanceArt. 6(1)(b)Providing the Service, managing subscriptions, and fulfilling Terms of Service obligations
Legitimate InterestsArt. 6(1)(f)Analytics, product improvement, security monitoring, fraud prevention, and enforcing our legal rights
Legal ObligationArt. 6(1)(c)Complying with FIPA, financial record retention, and legal process responses
ConsentArt. 6(1)(a)Marketing communications; withdrawable at any time without affecting prior processing
5

How We Share Your Information

We do not sell your personal data. We may share information only in the circumstances described below.

5.1 Service Providers and Processors. We share information with the following third-party providers who process data on our behalf:

CategoryProvider / Description
Payment ProcessorsStripe, Helcim — payment processing and billing
Cloud InfrastructureAmazon Web Services (AWS) — data storage and hosting
Analytics[Analytics Provider] — usage analytics and product improvement
AI Infrastructure[AI Provider] — powering AI features
Customer Support[Support Provider] — customer support

We share only the minimum data necessary for each provider to perform their function.

5.2 Legal Requirements. We may disclose information when required by law, court order, or lawful government request, or to protect the safety, rights, or property of Scope, our users, or the public.

5.3 Business Transfers. In connection with a merger, acquisition, or sale of substantially all of Scope’s assets, Customer Data may be transferred to the successor entity under the same privacy protections.

5.4 With Your Consent. We may share information in other circumstances with your prior written consent.

6

Cookies and Tracking Technologies

Cookies are small text files placed on your device when you access the Service. We also use local storage, session tokens, and web analytics beacons.

6.1 Essential Cookies (Required). Strictly necessary for the Service to function. Cannot be disabled without preventing Service access.

  • ·Session tokens — maintain authenticated sessions
  • ·Security cookies — CSRF protection and fraud prevention
  • ·Load balancing cookies — server routing

6.2 Analytics Cookies. Used to understand how users interact with the Service and improve functionality.

  • ·[Analytics Provider] cookies — feature usage and session analysis
  • ·Performance monitoring — page load times and error rate tracking

You can disable analytics cookies in your browser settings without affecting Service access.

6.3 Cookie Management. Manage cookie preferences through your browser settings. Disabling essential cookies will prevent Service access.

6.4 EU / UK / EEA Cookie Notice

GDPR / ePRIVACY Notice

Our use of non-essential analytics cookies is subject to GDPR and applicable ePrivacy regulations. A cookie consent mechanism may be presented when you first access the Service from an EU, UK, or EEA location. Non-essential cookies will not be placed without your consent.

6.5 Do Not Track. We do not currently respond to browser “Do Not Track” (DNT) signals, as no uniform industry standard exists. We will revisit this policy as standards develop.

7

Data Retention

7.1 Active Subscriptions. We retain Customer Data for the full duration of your active subscription.

7.2 Post-Termination Retention Schedule

PeriodDescription
30-Day Export WindowCustomer Data retained for 30 days post-termination; you may request a data export during this period (where supported)
7-Year Retention PeriodFollowing the export window, Customer Data is retained for 7 years from the date of termination or expiration
Log and Analytics DataServer log data retained up to 12 months; aggregate de-identified analytics data may be retained indefinitely

7.3 Basis for 7-Year Retention. The extended retention period is maintained for the following reasons:

  • ·Audit, tax, and financial compliance record-keeping
  • ·Legal defense in connection with professional liability claims related to inspection records
  • ·Applicable legal and regulatory record-keeping obligations

7.4 Deletion Rights and Carve-Outs. You may request deletion of your personal data at any time (Section 9). We will honor deletion requests except where retention is:

  • ·Required by applicable law or regulation
  • ·Necessary for the establishment, exercise, or defense of legal claims
  • ·Required to complete outstanding transactions or contractual obligations
  • ·Necessary for financial, audit, or tax record-keeping
8

Data Security

Scope implements commercially reasonable technical and organizational security measures, including:

  • ·Encryption of data in transit (TLS) and at rest
  • ·Access controls, role-based permissions, and multi-factor authentication
  • ·Regular security monitoring, vulnerability assessments, and penetration testing
  • ·Employee training on data security and privacy practices
  • ·Contractual security obligations for all third-party processors

No security system is impenetrable. We cannot guarantee that Customer Data will never be accessed or disclosed by unauthorized parties.

8.1 Data Breach Notification

Florida FIPA Commitment — 30-Day Notification

In the event of a security incident involving personal information, Scope will notify affected users within 30 days of discovering the breach, consistent with the Florida Information Protection Act (F.S. §501.171). If the breach affects 500 or more Florida residents, we will also notify the Florida Attorney General. Notifications will describe the nature of the breach, affected data, steps taken to mitigate harm, and recommended actions for affected individuals.
9

Your Privacy Rights

9.1 General Rights — All Users. Contact legal@scopeinspect.io to exercise any of these rights. We will respond within 45 days.

RightDescription
AccessRequest a copy of personal data we hold about you and how it is used
CorrectionRequest correction of inaccurate or incomplete personal data
DeletionRequest deletion of personal data (subject to Section 7.4 carve-outs)
Data ExportRequest export of Customer Data in a usable format (where technically supported)
Opt-Out of MarketingUnsubscribe from promotional communications at any time via the unsubscribe link or by contacting legal@scopeinspect.io

9.2 California Residents — CCPA / CPRA

Applies to: California Residents

If you are a California resident, the CCPA (as amended by CPRA) may provide you with the additional rights described below.

Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, business purposes, and third-party sharing.

Right to Delete: Request deletion of personal information collected, subject to the carve-outs in Section 7.4.

Right to Correct: Request correction of inaccurate personal information.

Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. Contact legal@scopeinspect.io to confirm.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected in the last 12 months:

  • ·Identifiers: name, email address, IP address, account credentials
  • ·Commercial information: subscription records, transaction history
  • ·Internet or electronic network activity: log data, usage data, cookie data
  • ·Professional or employment-related information: job title, company name
  • ·Customer-generated content: inspection reports, images, business records

To submit a CCPA request, contact legal@scopeinspect.io. We will verify your identity before processing. Authorized agents may submit requests with written authorization.

9.3 EU / UK / EEA Residents — GDPR

Applies to: EU / UK / EEA Residents

If you are located in the EU, UK, or EEA, you have the following rights under the GDPR and applicable national law.
RightArticleDescription
Right of AccessArt. 15Obtain confirmation of processing and a copy of your personal data
Right to RectificationArt. 16Request correction of inaccurate or incomplete data
Right to ErasureArt. 17Request deletion where data is no longer needed, consent is withdrawn, or processing was unlawful (subject to Section 7.4)
Right to RestrictionArt. 18Request limitation of processing in certain circumstances
Right to PortabilityArt. 20Receive personal data in a structured, machine-readable format (where technically feasible)
Right to ObjectArt. 21Object to processing based on legitimate interests or for direct marketing
Automated Decision-MakingArt. 22Not be subject to solely automated decisions producing significant legal effects, unless necessary for contract or consented to

To exercise GDPR rights, contact legal@scopeinspect.io. We respond within 30 days (extendable to 60 with notice). You may also lodge a complaint with your local data protection supervisory authority.

10

International Data Transfers

Scope is headquartered in the United States. Customer Data is stored and processed in the US on AWS infrastructure. For users in the EU, UK, or EEA, your personal data will be transferred to and processed in the United States.

10.1 Transfer Mechanisms. We rely on the following legal mechanisms for international data transfers:

  • ·EU Standard Contractual Clauses (SCCs): European Commission-approved clauses for EU/EEA-to-US transfers
  • ·UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom
  • ·EU-US Data Privacy Framework (DPF): Where applicable, upon Scope's DPF certification

We apply the same security and data protection standards to all Customer Data regardless of processing location.

11

Children's Privacy

The Service is intended exclusively for business entities and their authorized representatives. We do not knowingly collect personal information from individuals under 13. If we discover we have collected such information, we will delete it promptly. Contact legal@scopeinspect.io if you believe we have inadvertently collected information from a child under 13.

12

Third-Party Links and Services

The Service may contain links to third-party websites, tools, or services. This Privacy Policy does not apply to third-party privacy practices. We encourage you to review the privacy policies of any third-party services you access. Scope is not responsible for the privacy practices or content of any third-party service.

13

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ advance notice via:

  • ·Email to the address associated with your account
  • ·In-app notification when you access the Service

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. A version history is maintained at scopeinspect.io/privacy.

14

Contact Us

For privacy-related questions, rights requests, data breach reports, or concerns about our data practices:

CompanyScope Techlabs LLC
Privacy Emaillegal@scopeinspect.io
Scope Techlabs LLCVersion 1.0Effective: March 19, 2026legal@scopeinspect.io