Privacy Policy

At Rescope Technologies, Inc. ("Rescope," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Services").

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Services, including:

• Account registration information (name, email address, company name)
• Payment and billing information
• Property addresses and parcel numbers you search
• Architectural plans and documents you upload
• Communications with our support team
• Survey responses and feedback

1.2 Automatically Collected Information

When you access our Services, we automatically collect certain information:

• Device information (browser type, operating system, device identifiers)
• Usage data (pages visited, features used, time spent)
• IP address and approximate location
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and send related communications
• Analyze zoning and building code compliance for your properties
• Send service updates, security alerts, and administrative messages
• Respond to your inquiries and provide customer support
• Monitor and analyze usage trends to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (payment processing, data hosting, analytics)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law, subpoena, or legal process
• Protection of Rights: To protect the safety, rights, or property of Rescope, our users, or others
• With Your Consent: When you have given explicit permission

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Hosting on SOC 2 Type II certified infrastructure

5. Data Storage & Infrastructure

We take the security and reliability of our infrastructure seriously. Below are details about how and where your data is stored.

5.1 Hosting Infrastructure

Our Services are hosted on Amazon Web Services (AWS) infrastructure that maintains SOC 2 Type II certification. All data centers meet rigorous physical security standards including 24/7 monitoring, biometric access controls, and environmental protections.

5.2 Geographic Location

Your data is stored in data centers located in the United States, primarily in the US-East (N. Virginia) and US-West (Oregon) regions. Data may be replicated across these regions for redundancy and disaster recovery purposes.

5.3 Database Security

• PostgreSQL databases with AES-256 encryption at rest
• Encrypted backups retained for 30 days
• Point-in-time recovery capability for data restoration
• All database connections encrypted via TLS 1.3

5.4 Document Storage

• Uploaded plans and documents stored in encrypted object storage (S3)
• Automatic virus and malware scanning on all uploads
• Customer data logically segregated by tenant with strict access controls
• Server-side encryption with AWS-managed keys (SSE-S3)

5.5 Backup & Disaster Recovery

• Daily automated backups of all customer data
• Cross-region replication for critical data
• 99.9% uptime SLA target
• Recovery Point Objective (RPO): 1 hour
• Recovery Time Objective (RTO): 4 hours

5.6 Access Controls

• Role-based access control (RBAC) for all systems
• Multi-factor authentication required for all staff accessing production systems
• Comprehensive audit logging of all data access
• Regular access reviews and principle of least privilege

5.7 Third-Party Subprocessors

We use the following categories of third-party service providers who may process your data:

• Cloud Infrastructure: Amazon Web Services (AWS)
• Payment Processing: Stripe
• Analytics: PostHog, Mixpanel
• Email Communications: Resend, Customer.io
• Customer Support: Intercom
• Error Monitoring: Sentry

A complete list of subprocessors is available upon request. We will notify customers of any new subprocessors at least 30 days before they begin processing data.

6. AI and Machine Learning

Our Services use artificial intelligence and machine learning to analyze documents and provide zoning insights. Here's how we handle your data in this context:

6.1 Document Processing

When you upload architectural plans or documents, our AI systems analyze them to:

• Extract relevant measurements and specifications
• Identify building elements for code compliance checking
• Compare against applicable zoning regulations
• Generate compliance reports and recommendations

6.2 Training Data

We do not use your uploaded documents or project data to train our AI models without your explicit consent. Any model improvements are made using anonymized, aggregated data or separately licensed training datasets.

6.3 Third-Party AI Providers

We may use third-party AI services (such as large language models) to enhance our analysis capabilities. When we do, your data is processed according to our data processing agreements with these providers, which prohibit them from using your data for their own training purposes.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you Services. Project data is retained for the duration of your subscription plus 90 days, after which it is automatically deleted unless you request earlier deletion. We may retain certain information as required by law or for legitimate business purposes.

8. Your Rights and Choices

8.1 Account Information

You may update, correct, or delete your account information at any time by logging into your account settings or contacting us.

8.2 Marketing Communications

You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email. You will continue to receive transactional and service-related communications.

8.3 Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the Services to function (authentication, security, load balancing). Cannot be disabled.
• Functional Cookies: Remember your preferences and settings (language, display options, recent searches).
• Analytics Cookies: Help us understand how users interact with our Services (PostHog, Mixpanel). Used to improve user experience.
• Marketing Cookies: Track effectiveness of our advertising campaigns. Only used with your consent.

You can manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

9. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (we do not sell)
• Right to non-discrimination for exercising your rights

To exercise these rights, contact us at [email protected] or call (888) 555-0123.

10. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Request human review of automated decisions that significantly affect you

Legal Basis for Processing: We process your data based on:

• Performance of our contract with you (providing the Services)
• Your consent (for marketing communications and optional analytics)
• Legitimate interests (improving our Services, security)
• Legal obligations (tax, regulatory requirements)

To exercise these rights, contact our Data Protection Officer at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, primarily the United States. We ensure appropriate safeguards are in place to protect your information, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with all subprocessors
• Compliance with the EU-U.S. Data Privacy Framework where applicable

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: