Scopevera Legal

Privacy Policy

This policy explains how Scopevera collects, uses, stores, and protects data when you use Scopevera, including Google OAuth connections such as Gmail monitoring.

Effective date: April 16, 2026 Applies to: https://scopevera.com and https://app.scopevera.com
Terms of Service Support Security

1. What Scopevera does

Scopevera is project intelligence software. It connects to approved project systems and communication sources, detects delivery risk signals, and surfaces recommended actions for project teams.

2. Google data Scopevera accesses

When you connect Gmail, Scopevera requests the Google OAuth scope https://www.googleapis.com/auth/gmail.readonly.

  • Scopevera reads message lists and selected message metadata from the mailbox you authorize.
  • Scopevera uses sender, subject, timestamp, and Gmail snippet text to identify delivery blockers, escalation language, and project risk signals.
  • Scopevera does not request Gmail send, compose, modify, or delete scopes for this integration.

3. Why Scopevera uses Google data

  • To build monitoring snapshots and signal summaries for project risk detection.
  • To generate project health insights and recommended actions inside the Scopevera workspace.
  • To support user-requested monitoring workflows, alerts, and executive briefings.

4. Token handling and security

  • OAuth access and refresh tokens are stored encrypted at rest.
  • Scopevera uses Windows DPAPI encryption on Windows hosts or a configured Fernet key (SCOPEVERA_CONNECTOR_SECRET_KEY) on non-Windows deployments.
  • Connector token data is written through encrypted payload storage rather than plaintext token files.

5. Data storage and retention

  • Scopevera stores connector account metadata and encrypted OAuth token material required to maintain authorized connections.
  • Scopevera stores monitoring snapshots, risk findings, and derived signal intelligence so teams can review recent risk context and action history.
  • When Gmail monitoring is enabled, Google-derived metadata and snippet text may be persisted server-side as part of those monitoring snapshots and evidence records.
  • Google-derived monitoring content is retained in tenant data stores while monitoring remains active, unless removed through account maintenance or support-led deletion requests.

6. Sharing and subprocessors

  • Scopevera does not sell Google user data.
  • Scopevera uses infrastructure and service providers needed to host, secure, and operate the service (for example hosting, observability, and configured AI processing paths).
  • Scopevera uses Google user data only for the user-facing functionality described in this policy and in-product connector workflows.
  • Scopevera's use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including Limited Use requirements.

7. Revoking access and deletion requests

  • You can revoke Scopevera's Google access from your Google Account permissions page at any time.
  • Scopevera currently treats Google revocation and support-led cleanup as the primary disconnect pathway for Google connector data removal.
  • You can request connector/account data removal by contacting support@scopevera.com.
  • For legal/privacy requests, contact legal@scopevera.com.