Privacy Policy

• Account and profile information. If you create an account, we may collect your name, email address, studio name, phone number, and logo or branding assets you choose to store.
• Client and project information. When you create Design Alignment Contracts, we process the information you enter, such as client names, project names, project type, room or area, and your notes about what the client wants, must-have elements, things to avoid, and other design details.
• Usage information. We may collect basic technical information about how you access the Service, such as browser type, device type, pages viewed, and timestamps, to help us keep the Service reliable and improve the product.
• Payment information. If you purchase paid plans or contract credits, payment processing is handled by third-party providers. We do not store full payment card numbers, but we may receive limited billing and subscription metadata (such as billing address or last four digits) from those providers.

• To provide and maintain the Service. We use your information to let you create, edit, regenerate, and export Design Alignment Contracts, manage your profile, and access your past contracts.
• To power AI-generated content. When you generate or regenerate a contract, relevant parts of your inputs (for example, project description, notes, and inspiration links) are sent to our AI provider to create analysis and draft language.
• To improve the Service. We may use aggregated or de-identified information about how the Service is used to debug problems, improve prompts, and design better product features.
• To communicate with you. We may send you transactional emails (such as account or security notices) and, where permitted, product updates or tips. You can opt out of non-essential emails at any time.
• To protect the Service. We may use information to detect abuse, prevent fraud, and enforce our Terms of Service.

The Service uses third-party providers to deliver core functionality. In particular, we use an AI provider (currently OpenAI) to generate contract analysis and language, and we may use cloud hosting or database providers to store your data.

When you request AI generation or regeneration, we send the necessary parts of your inputs to our AI provider. The provider processes that data on our behalf to return an output. We configure our provider to handle your data in line with their enterprise or API terms, and we do not permit them to use your contract content to train publicly available models beyond what their terms allow by default. We recommend that you avoid including highly sensitive personal information in prompts.

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Contractual necessity to provide the Service you request, such as creating and managing contracts.
• Legitimate interests to operate, secure, and improve the Service, provided those interests are not overridden by your rights and interests.
• Consent for certain optional activities, such as direct marketing communications, where required by law.

We retain your contracts, profile information, and related data for as long as your account is active or as needed to provide the Service. You may delete individual contracts or request deletion of your account; in that case, we will delete or anonymize your personal data within a reasonable period, subject to any legal obligations to retain certain records.

• Service providers. We may share information with hosting, analytics, AI, email, or payment providers who process data on our behalf and under contract.
• Legal and safety. We may disclose information if we believe it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; or to protect our rights or property.
• Business transfers. If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
• No selling of personal data. We do not sell your personal data.

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS) and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

The Service may be hosted or processed in countries other than where you live. By using the Service, you understand that your information may be transferred to and processed in those countries, which may have different data protection laws than your jurisdiction.

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, as well as to object to or restrict certain processing. To exercise these rights, please contact us using the details below. We may need to verify your identity before responding to your request.

The Service is not directed to children and is intended for use by professionals and adults. We do not knowingly collect personal data from children under the age of 16 (or other age as defined by local law). If you believe we have collected data about a child, please contact us so we can delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will update the " Last updated" date at the top of this page and may provide additional notice as required. Your continued use of the Service after changes become effective indicates your acceptance of the updated Policy.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
privacy@scopelock.app