Privacy notice
ScopeStamp privacy notice
This notice explains what ScopeStamp collects, why it is used, who helps process it, and how people can ask for access, correction, deletion, or marketing opt-out.
Last updated: April 29, 2026.
Short version
ScopeStamp collects the information needed to run a change-order workflow: account details, client approval records, checkout status, support messages, product analytics, security logs, and marketing-list emails when someone joins the list.
ScopeStamp does not sell personal information and does not use sensitive personal information to infer characteristics. Do not put passwords, government IDs, full card numbers, health data, or other highly sensitive information into change orders or support messages.
1. Who operates ScopeStamp
ScopeStamp is the operator of the website at scopestamp.com and the ScopeStamp change-order software service. Privacy questions can be sent to legal@scopestamp.com. General questions can be sent to hello@scopestamp.com.
Mailing address: ScopeStamp, 1207 Delaware Ave Suite 4213, Wilmington, DE 19806. ScopeStamp has not appointed a data protection officer.
2. Notice at collection
This section is intended to make the main categories of information easy to find before or when personal information is collected.
| Category | Examples | Sources and main uses |
|---|---|---|
| Identifiers and account details | Name, email address, account id, workspace name, client names and client email addresses entered by a user. | Provided by users, clients, support contacts, and payment providers. Used for accounts, login, support, transactional email, approval links, billing, and fraud prevention. |
| Authentication and security data | Password hash, session cookies, admin access cookies, account status, request metadata, error and security logs. | Created when someone signs up, logs in, uses the app, or triggers a security event. Used to authenticate users, protect accounts, debug errors, and prevent abuse. |
| Customer content | Change-order titles, project names, summaries, scope details, timeline impacts, values, external payment links, approval status, audit-trail events, and support-message text. | Entered by users or submitted through approval and support flows. Used to create approval records, send client review links, display dashboards, and respond to requests. |
| Payment and commercial information | Plan choice, checkout session ids, Stripe or PayPal customer/subscription ids, PayPal payer ids, payment status, amount, refund/support context, and receipt-related metadata. | Provided by users and payment processors. Used to process ScopeStamp subscriptions and purchases, reconcile accounts, handle refunds, keep records, and prevent fraud. ScopeStamp does not store full card numbers. |
| Support and marketing contacts | Contact-form name, email, message, source, launch-list signup email, unsubscribe status, email delivery status, and support correspondence. | Provided through forms, email replies, and email providers. Used for support, transactional notices, launch-list delivery, unsubscribe handling, and internal operations. |
| Internet, device, analytics, and diagnostics | Page path, browser events, timestamps, event names, limited event properties, IP-derived logs, device/browser data, crash reports, and hosting diagnostics. | Collected from the website, browser analytics, hosting, and monitoring tools. Used to operate the site, improve onboarding, understand product usage, fix errors, and secure the service. |
| Inferences from product use | Simple product analytics such as signup source, checkout started, approval completed, and feature usage patterns. | Created from product activity. Used to improve the product, measure conversion, prioritize support, and understand whether ScopeStamp is useful. |
| Sensitive personal information | ScopeStamp may handle account login credentials in protected form and limited payment-related identifiers, but it is not designed for government IDs, health data, biometrics, precise geolocation, or full financial account details. | Used only as needed to provide the service, secure accounts, process payments through providers, and comply with law. ScopeStamp does not use sensitive personal information to infer characteristics. |
3. How ScopeStamp uses personal information
- Provide, maintain, secure, and troubleshoot the ScopeStamp website, dashboard, approval links, support forms, and admin tools.
- Create accounts, authenticate sessions, manage plans, record payment status, and send transactional emails.
- Generate, store, and deliver change-order records and client approval notifications at a user's direction.
- Respond to product, billing, legal, security, cancellation, refund, and support requests.
- Send marketing or launch-list email when someone signs up for it, and maintain unsubscribe records.
- Analyze product usage, conversion, reliability, and errors so the service can be improved.
- Detect, prevent, and investigate abuse, spam, fraud, security incidents, and policy violations.
- Comply with legal, tax, accounting, dispute, chargeback, and recordkeeping obligations.
4. Legal bases for EEA and UK visitors
Where European or UK data-protection law applies, ScopeStamp relies on these legal bases: contract or pre-contract steps for accounts, checkout, and the product workflow; legitimate interests for security, support, fraud prevention, service improvement, and basic analytics; consent where required for marketing or optional tracking; and legal obligations for tax, accounting, dispute, and compliance records.
5. How information is shared
ScopeStamp shares information only as needed to run the service, follow user instructions, or comply with law. Current provider categories include hosting, database, payment processing, email delivery, analytics, monitoring, domain and infrastructure providers, and professional advisers when needed.
- Payment processors: Stripe and PayPal process ScopeStamp checkout, subscriptions, payment status, fraud checks, receipts, disputes, and refunds under their own payment and privacy terms.
- Infrastructure providers: Vercel, Neon Postgres, Sentry, Amplitude, SendGrid, Google Workspace, DNS/domain, and similar providers help host, store, monitor, email, and operate the service.
- Client recipients: when a user sends a change-order approval link or email, ScopeStamp shares the relevant change-order content with the recipient selected by that user.
- Legal and safety recipients: ScopeStamp may disclose information to comply with law, enforce terms, protect rights and safety, respond to disputes or chargebacks, or investigate fraud and abuse.
- Business transfer recipients: if ScopeStamp is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.
ScopeStamp does not sell personal information and does not share personal information for cross-context behavioral advertising. If that changes, this notice will be updated and any required opt-out will be provided before that activity begins.
6. Cookies, analytics, and tracking
ScopeStamp uses essential cookies for account sessions and admin access. These cookies are needed for login and security. The product may also use analytics and diagnostics tools to understand page paths, product events, errors, and performance. Browser controls can block or delete some cookies, but blocking essential cookies can break login and checkout flows.
Marketing emails include an unsubscribe link where required. You can also unsubscribe at /unsubscribe.
7. Retention
| Record type | Typical retention approach |
|---|---|
| Account and workspace records | Kept while the account is active and for a reasonable period after deletion to handle backups, security, disputes, accounting, or legal obligations. |
| Change orders and approval history | Kept while needed to provide the dashboard, approval record, audit trail, and dispute context, unless deleted earlier where deletion is available and lawful. |
| Payment, tax, and billing records | Kept as long as needed for accounting, chargebacks, tax, fraud prevention, legal compliance, and payment-provider records. |
| Support and contact messages | Kept as long as needed to answer the request, maintain business records, honor unsubscribe preferences, and handle repeat support issues. |
| Analytics, logs, and diagnostics | Kept for a limited period appropriate to product improvement, reliability, security, and provider settings, unless longer retention is needed for a real issue. |
| Backups | Deleted on the normal backup rotation schedule unless retained for security, continuity, legal, or disaster-recovery reasons. |
8. Your privacy choices and rights
Depending on where you live and which laws apply to ScopeStamp, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, appeal of a denied request, or information about how personal information is collected and shared. You may also have the right to opt out of sale, sharing, targeted advertising, or certain profiling if those activities occur.
- Send privacy requests to legal@scopestamp.com from the email connected to the account or request.
- ScopeStamp may need to verify your identity before changing or disclosing account information.
- Some records may be retained when needed for security, legal, tax, chargeback, dispute, fraud-prevention, backup, or free-speech reasons.
- ScopeStamp will not discriminate against you for exercising privacy rights that apply to you.
- EEA and UK users may also complain to their local data-protection authority if they believe a request was not handled properly.
9. Security
ScopeStamp uses reasonable technical and organizational measures for the size and nature of the service, including protected sessions, hashed passwords, provider-level security controls, limited admin access, monitoring, and payment processing through PCI-focused providers. No internet service can be guaranteed completely secure, so users should avoid submitting highly sensitive data that the product is not designed to store.
10. Children
ScopeStamp is a business software service and is not directed to children. Users must be at least 18 to create an account. ScopeStamp does not knowingly collect personal information from children under 13. If you believe a child submitted information, contact legal@scopestamp.com.
11. International visitors
ScopeStamp is operated from the United States and uses providers that may process information in the United States and other countries. If you access ScopeStamp from outside the United States, your information may be transferred to, stored in, or processed in a country that may not provide the same level of data protection as your home country.
12. Changes to this notice
ScopeStamp may update this notice when the product, providers, laws, or data practices change. The updated version will be posted on this page with a new date. If a material change affects active users, ScopeStamp may provide additional notice by email, in-product message, or another reasonable method.
13. Contact
Privacy contact
General: hello@scopestamp.com
Legal notices: legal@scopestamp.com
Mail: ScopeStamp, 1207 Delaware Ave Suite 4213, Wilmington, DE 19806