Privacy Policy
How ScopeDeck collects, uses, stores and protects personal data, and the rights you have under UK GDPR. A template draft for legal review before publishing.
No card needed. 2 clients and 5 quotes free forever. Unlimited teammates.
TEMPLATE DRAFT, review with a qualified lawyer before publishing. This document is a starting point drafted for a UK/GDPR context. It is not legal advice. Complete every [PLACEHOLDER], tailor it to how ScopeDeck actually operates, and have it reviewed by a qualified solicitor before it goes live.Last updated: [DATE]
This Privacy Policy explains how [COMPANY LEGAL NAME] ("ScopeDeck", "we", "us", "our") collects, uses and protects personal data when you use the ScopeDeck website and application (the "Service").
1. Who we are
[COMPANY LEGAL NAME] is the data controller for personal data we collect about you as a user of the Service (for example, your account details).
- Registered address: [ADDRESS]
- ICO registration number: [ICO NUMBER]
- Contact: [SUPPORT EMAIL]
- Data protection contact: [DPO / PRIVACY CONTACT], [SUPPORT EMAIL]
For personal data that you upload about your own clients when scoping work, you are the controller and we are the processor. Our obligations for that data are set out in our Data Processing Agreement.
2. The data we collect
- Account data: name, email address, password (stored hashed), organisation/Space name.
- Billing data: plan, billing contact and transaction records. Card payments are handled by our
payment provider; we do not store full card numbers.
- Content data: the scopes, quotes, specifications, snippets, documents and client details you
create in the Service.
- Usage data: log data, device and browser information, and actions taken in the Service, used
to run, secure and improve it.
- Communications: messages you send us via [SUPPORT EMAIL] or the contact form.
3. How we use your data and our lawful bases
- To provide the Service (contract), creating your account, running the app, generating PDFs
and enabling e-signature and collaboration.
- To take payment (contract), billing your chosen plan.
- To secure and improve the Service (legitimate interests), diagnostics, preventing abuse and
product improvement.
- To communicate with you (contract / legitimate interests), service messages; marketing only
where you have consented, with an easy opt-out.
- To meet legal obligations (legal obligation), tax, accounting and lawful requests.
4. Sharing and sub-processors
We do not sell your personal data. We share it with service providers who help us run ScopeDeck, under contract and only as needed. Current sub-processors include:
- [HOSTING PROVIDER, e.g. Supabase / PostgreSQL hosting], application database and hosting.
- [CDN / SECURITY, e.g. Cloudflare], content delivery and protection.
- [PAYMENT PROVIDER], subscription billing.
- [EMAIL PROVIDER], transactional and support email.
A current list is maintained in the DPA. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Addendum.
5. How long we keep it
We keep account and content data for as long as your account is active. After you close your account, we delete or anonymise personal data within [RETENTION PERIOD, e.g. 30–90 days], except where we must retain records to meet legal obligations (for example, billing records for tax purposes). You can export your work before you leave, see security.
6. Security
We use technical and organisational measures to protect personal data, including encryption in transit and at rest, tenant isolation between Spaces, access controls and regular backups. More detail is on our security page. No system can be guaranteed perfectly secure, but we work to protect your data and to notify you of any breach as required by law.
7. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent where processing relies on it. To exercise any right, contact [SUPPORT EMAIL]. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use cookies and similar technologies that are strictly necessary to run the Service, and [ANALYTICS / PREFERENCE COOKIES, describe and link to a cookie notice or banner]. You can control non-essential cookies through [COOKIE CONTROLS].
9. Children
The Service is not intended for individuals under 18, and we do not knowingly collect their data.
10. Changes to this policy
We may update this policy from time to time. We will post the updated version here and, for material changes, notify you through the Service or by email.
11. Contact
Questions about this policy or your data: [SUPPORT EMAIL], or write to [COMPANY LEGAL NAME], [ADDRESS].