ScopeCraft

Privacy Policy

Last updated: May 2026

1. Introduction

ScopeCraft (“we,” “us,” or “our”) operates the ScopeCraft website and application at scopecraft.io and app.scopecraft.io. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using ScopeCraft you agree to the practices described here. If you have questions, contact us at support@scopecraft.io.

2. Information We Collect

Account information. When you create an account we collect your email address and a hashed password (managed by Supabase Auth). We do not store plain-text passwords.

Project questionnaire data. When you use the Scope Generator, we collect the answers you provide (project type, dimensions, materials, preferences, and other details). This data is stored in our database and used to generate your scope document.

Contractor bid documents (PDFs). When you use Bid Compare, you may upload contractor bid documents. We extract the text content from these files for AI analysis. Uploaded files may be stored temporarily in our secure file storage. We do not share your uploaded documents with other users.

Anonymous draft data. If you begin a project questionnaire before signing in, your in-progress answers may be saved locally or on our servers as an anonymous draft so you do not lose your work. This data is associated with your account once you sign in.

Payment metadata. When you make a purchase, payment processing is handled entirely by Stripe. ScopeCraft does not receive or store your credit card number. We store a record of your purchase (product, amount, date, and your Stripe customer ID) in our database.

Support communications. If you contact us at support@scopecraft.io, we retain those emails to respond to and track your request.

Usage data. We collect session-level analytics about how you interact with ScopeCraft (pages visited, features used, actions taken) using PostHog. PostHog is configured without persistent browser cookies — analytics data is associated with your current session only and is not linked across separate visits unless you are signed in. We also use Vercel Analytics, a privacy-preserving page-view counter that does not use cookies or store personal identifiers.

3. How We Use Your Information

  • To create and manage your account.
  • To generate AI-assisted scope documents and bid comparison reports for you.
  • To process your payment and fulfill your purchase.
  • To respond to support requests.
  • To improve the product through aggregated, anonymized usage analytics.
  • To send transactional emails (email confirmation, password reset). We do not send marketing emails without your consent.

4. AI Processing

ScopeCraft uses OpenAI's API to generate scope documents and bid comparison reports. Your project questionnaire answers and the text extracted from uploaded bid documents are sent to OpenAI for processing. OpenAI's use of this data is governed by their privacy policy. We do not use your data to train AI models.

5. Cookies and Storage

ScopeCraft uses a small number of strictly necessary or functional browser cookies:

  • Authentication session cookies (set by Supabase Auth) — required to keep you signed in. Without these cookies the app cannot function for authenticated users.
  • UI preference cookie — stores sidebar open/closed state to improve usability. Contains no personal data.

We do not use advertising cookies, third-party tracking cookies, or persistent analytics cookies. Our session-level analytics (PostHog) are configured to use in-memory storage only and do not write cookies to your browser.

6. Third-Party Service Providers

We share data with the following service providers only as necessary to operate ScopeCraft:

  • Supabase — database, authentication, and file storage.
  • Stripe — payment processing. Stripe receives your payment card data directly; ScopeCraft does not.
  • OpenAI — AI text generation for scope documents and bid comparison analysis.
  • PostHog — session-level product analytics (no persistent cookies; no cross-session tracking for anonymous visitors).
  • Vercel — application hosting and privacy-preserving page analytics.

We do not sell your personal information to third parties.

7. Data Retention

We retain your account data, project data, and purchase records for as long as your account is active and for a reasonable period afterwards to comply with legal obligations. Uploaded bid documents may be retained for a limited period after processing to support your access to your report, then deleted. To request deletion of your data, contact us at support@scopecraft.io.

8. Your Rights

Depending on where you are located, you may have rights to access, correct, or delete your personal data. California residents may have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. To exercise any of these rights, email us at support@scopecraft.io.

9. Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. No system is completely secure. If you believe your account has been compromised, contact us immediately at support@scopecraft.io.

10. Children

ScopeCraft is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised date. Continued use of ScopeCraft after a change constitutes acceptance of the updated policy.

12. Contact

Questions about this Privacy Policy? Email us at support@scopecraft.io.

← Back to home