Privacy Policy

Last updated: September 10, 2025

Scope4 ("we", "us", or "our") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Austrian data protection laws. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our website and APIs.

1. Data Controller

The data controller is Scope4, Vienna, Austria. For privacy-related inquiries, contact: tommaso@scope4.com

2. Data We Collect

• Contact Information: We collect your name and email address when you fill out a request form or contact us directly.
• API Usage Data: We collect metadata related to your API usage, such as IP address, request timestamps, and usage statistics for billing, monitoring, and security purposes.
• Cookies & Analytics Data: We use analytics tools to understand website traffic and improve our services. Please see section 7 for details.

3. API Data Handling and Retention

We are committed to the highest standards of data privacy and confidentiality for the data processed through our APIs (ScopeGreen and ScopeVerify).

• Zero-Retention Policy: The content of your API requests (e.g., uploaded documents for ScopeVerify, specific queries for ScopeGreen) is processed ephemerally and is not stored or logged after the request is completed.
• Zero-Training Policy: Your data is never used to train or fine-tune any AI or machine learning models. We utilize open-source Large Language Models (LLMs) hosted by a SOC 2 Type II verified inference provider that enforces a strict zero-training and zero-retention policy, ensuring your data remains exclusively yours.

4. Purpose and Legal Basis

• To provide and maintain our services (Art. 6(1)(b) GDPR).
• To communicate with you and respond to inquiries (Art. 6(1)(b) GDPR).
• To monitor, analyze, and improve our services (Art. 6(1)(f) GDPR, legitimate interest).
• To comply with legal and billing obligations (Art. 6(1)(c) GDPR).

5. Data Sharing

We do not sell your personal data. We may share data with trusted third-party service providers (e.g., hosting, analytics, payment processing) under strict confidentiality and data processing agreements. Data may be disclosed to authorities if required by law.

6. International Transfers

If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to maintain a level of data protection consistent with GDPR.

7. Cookies & Analytics

Our website uses minimal cookies and analytics tools to understand user behavior and improve user experience. You can control the use of cookies through your browser settings.

8. Data Retention

We retain your contact information and API usage metadata only as long as necessary for the purposes stated, to maintain your account, or as required by law. As stated in Section 3, we do not retain the content of your API requests.

9. Your Rights

• Right to access, rectify, or erase your personal data.
• Right to restrict or object to processing.
• Right to data portability.
• Right to withdraw consent at any time (where processing is based on consent).
• Right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at).

10. Security

We implement robust technical and organizational measures to protect your data. All HTTP requests to and from our services are secured using industry-standard TLS (HTTPS) encryption to protect data in transit. Access to our systems is strictly controlled and monitored.

11. Changes to this Policy

We may update this Privacy Policy periodically. The latest version will always be available on this page.

← Back to Home