1. Introduction

Welcome to ScopeAI ("we," "us," or "our"). We provide an AI-driven web platform designed to streamline and automate project scope and requirements management for Business Analysts, Project Managers, Product Managers, Product Owners, Quality Assurance specialists, and other professionals (collectively, "users" or "you").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and project-related data when you use our website, app, and services (collectively, the "Services"). By accessing or using our Services, you agree to the terms of this Privacy Policy.

2. Data We Collect

Account Information

• Personal Identifiers: Your full name, email address, and any other information you provide during account registration or profile updates.
• Login Credentials: Usernames, passwords, tokens, or similar credentials used to authenticate and secure your account.

Project & Requirements Data

• Uploaded Documents & Requirements: Text files, diagrams, or other materials you upload to generate questionnaires, user stories, tasks, diagrams, project documents, test plans, release notes, and other project artifacts.
• Metadata: Date and time of uploads, project names, reference IDs, and other contextual data.

Usage Data

• Technical Information: IP address, device type, browser type, operating system, language settings, and timestamps of your visits or usage.
• Feature Usage: Information about which features you use, how often, session duration, and frequency of feature interactions.

Jira Integration Data

When you connect ScopeAI with Jira, we exchange project-related data to synchronize and maintain up-to-date information. This data may include:

• Project descriptions
• Epics descriptions
• Tasks, user stories, their descriptions, and other related fields

This data is essential for ensuring system alignment, facilitating efficient project management, and reducing duplicate manual data entry.

3. How We Use Your Data

Provision of Services

• Creating & Updating Project Documentation: We process your data to generate AI-driven project artifacts (e.g., user stories, tasks, diagrams, test cases) and ensure all team members have the latest information.
• Integrations: We enable syncing of data to and from Jira, Slack, and other platforms for seamless collaboration.

Service Improvements & Analytics

• Performance Optimization: We analyze usage patterns to improve platform stability, performance, and user experience.
• Feature Development: We research and develop new AI-based capabilities using anonymized or aggregated data where possible.

Communication

• Support & Administrative Messages: We respond to your inquiries, provide technical support, and send updates or notices regarding our Services.
• Marketing & Newsletters: We may send promotional messages about new features, releases, or other relevant updates, subject to your consent where required by law.

Legal & Compliance

• Regulatory Requirements: We may process data to comply with legal obligations, respond to lawful requests by public authorities, or investigate potential misconduct.
• Terms Enforcement: We use data to enforce our Terms of Service and other policies, and to prevent fraud or abuse.

4. Cookies Policy

What Are Cookies?

Cookies are small text files that a website stores on your device to remember information about you, such as your login status, preferences, or the contents of a virtual shopping cart. Cookies also help us analyze how you use our Services.

Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our Services, enabling core functionalities like user authentication and account security.
• Analytics & Performance Cookies: Help us understand how users engage with our website and app, track usage statistics, and improve the user experience.
• Functional Cookies: Remember the choices you make (e.g., language or region) and provide enhanced features.
• Targeting/Advertising Cookies: Used to deliver relevant ads or measure the effectiveness of marketing campaigns. You can opt out of certain targeting cookies via browser settings or third-party tools.

How We Use Cookies

• User Sessions: To keep you logged in and maintain your session state.
• Preferences: To store your language settings and interface preferences.
• Analytics: To measure and improve performance by understanding usage patterns.
• Marketing & Advertising: To deliver more relevant content, if we engage in advertising partnerships.

Third-Party Cookies

We may allow third-party service providers (e.g., analytics platforms like Google Analytics) to place cookies on our Services. These providers may collect information to track usage and trends. We do not control these cookies directly.

Your Choices

• Browser Settings: Most browsers allow you to refuse or delete cookies. Blocking essential cookies may affect certain functionalities of our Services.
• Opt-Out Mechanisms: Some third-party cookies offer opt-out options (e.g., Google Analytics Opt-Out Browser Add-On).

Cookie Duration

Some cookies expire when you close your browser (session cookies), while others remain on your device until they expire or are deleted (persistent cookies). We do our best to set expiration dates that reflect the cookie's intended purpose.

5. Legal Bases for Processing (GDPR Compliance)

For users located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

• Performance of a Contract: We process your personal data as necessary to deliver our Services under an agreement with you.
• Consent: We rely on your consent for certain marketing communications or the use of certain cookies (where legally required). You can withdraw this consent at any time.
• Legitimate Interests: We may process data to improve our Services, secure our platform, and communicate effectively, as long as these interests are not overridden by your fundamental rights and freedoms.
• Legal Obligations: We may process data to comply with regulatory or legal requirements.

6. Data Sharing & Disclosure

No Third-Party Sales

We do not sell your personal data to third parties.

Service Providers

We may share your data with trusted third-party vendors (e.g., hosting providers, analytics services) who process data on our behalf. Each vendor must agree to protect your data in compliance with applicable privacy laws.

Jira Integration

If you choose to connect ScopeAI to Jira, certain project-related data (epics, tasks, user stories, descriptions) will be transferred between ScopeAI and Jira to keep both systems aligned. Jira is operated by a third party, and your data there is subject to Atlassian's Privacy Policy. We encourage you to review Jira's terms and privacy practices.

Slack & Other Integrations

If you enable Slack or other integrations, we may send notifications, updates, or relevant project details to those platforms. Each integration is subject to its privacy practices and user agreements.

Legal Requirements

We may disclose data if required by law, court order, or to protect our rights, users, or the public. This may include cooperation with law enforcement, government agencies, or other third parties in response to a formal request.

Business Transfers

If ScopeAI is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, subject to confidentiality agreements.

7. International Data Transfers

We operate in both the United States and Europe, which may involve transferring your data outside of your home country. Where we transfer personal data from the EEA or the UK to a jurisdiction not deemed to provide adequate data protection, we use appropriate safeguards (such as Standard Contractual Clauses) to ensure your data remains protected by GDPR requirements.

8. Data Security

Technical Measures

We employ industry-standard security measures, including encryption (at rest and in transit, where possible), firewalls, access control mechanisms, and intrusion detection systems.

Organizational Measures

Access to personal data is restricted to authorized personnel who need it for their job responsibilities. Staff are trained on data handling best practices.

9. Data Retention

We retain personal data only as long as is necessary to fulfill the purposes stated in this Privacy Policy or as required by law. After that period, we securely delete or anonymize your data.

Where integrated with Jira or other external platforms, data may remain on those services subject to their respective retention policies.

10. Your Rights

EU/EEA and UK Residents

• Right of Access & Rectification: Request a copy of your personal data and correct any errors.
• Right to Erasure & Restriction: Ask us to delete or limit the processing of your data under certain conditions.
• Right to Objection & Portability: Object to processing or request your data in a structured, commonly used format.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

US Residents

Certain states (e.g., California) provide additional rights to access or delete personal data.

We do not sell personal data. If you have questions about your specific state's rights, please contact us.

Exercising Your Rights

To exercise these rights or make an inquiry, please contact us using the details provided below. We will respond in accordance with applicable data protection laws.

11. Third-Party Links & External Services

Our Services may contain links to third-party websites or apps, including integrations with Slack, Jira, Trello, and others. These external services have their privacy practices, which are not governed by this Privacy Policy. We encourage you to review their policies before sharing any data or enabling integrations.

12. Children's Privacy

Our Services are not designed for individuals under 16 years of age (or any higher age as may be required by local legislation). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can promptly delete it.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any changes will be posted on this page with a revised "Last Updated" date. Your continued use of the Services after any updates signifies acceptance of those changes.

14. Contact Us

For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us: