Privacy Policy — ReScope

A. Scope and who this policy applies to

• This policy applies to users of the ReScope app and our related websites and premium services.
• If you use ReScope for your business and upload information about your customers (for example, a homeowner), you are responsible for providing any notices to them that your laws or contracts require. See “Business and customer data” below.

B. The information we collect (and what we do not collect)

1) Information stored locally on your device (not sent to us by default)

By design, ReScope stores most change order data on your phone, including drafts, PDFs, signatures captured in-person, and related attachments, unless you choose to use premium cloud features that upload specific items. Local device storage may include:

• Change order details you enter (scope, line items, notes)
• Generated PDFs (draft and signed)
• Signature images captured in the app
• Photos or other attachments you add
• Hashes (for example, SHA-256) used to verify file integrity

We do not receive this local content unless you deliberately use a feature that transmits it (for example, creating a remote approval link, uploading a signed artifact for homeowner download, or contacting support and choosing to share files).

2) Account and workspace information (only if you use Premium/team features)

If you create or use a Premium account, join a company workspace, or participate in a team, we may collect:

• Email address and authentication information (for login)
• Company/workspace identifiers and your role (worker/supervisor/admin)
• Team membership and invite/join metadata (for example, invite status, join timestamps)

3) Remote approval and proposal collaboration data (only if you use those features)

If you use remote approval links or proposal collaboration links, we process the minimum data needed to deliver those features, such as:

• A “review” PDF you upload for the homeowner to view
• A signature image uploaded by the homeowner via the approval page
• An approver name the homeowner enters (if required by the workflow)
• Server timestamps for approval events
• Proposal messages and photos the homeowner submits
• Audit events about workflow actions (for example, “submitted for review,” “approved,” “locked,” “uploaded signed PDF”)

Important: We do not need or want the full contents of your device. Premium cloud features are designed to upload only the specific snapshot/PDF/signature/photos needed for the workflow.

4) Payments and accounting integrations (only if enabled)

If you enable payment collection or QuickBooks integration (or similar accounting integrations), we may process:

• Payment and invoice metadata necessary to facilitate the transaction (for example, amounts, status, transaction identifiers, and related references)
• Accounting connection tokens/credentials provided during integration setup
• Records of synchronization actions (for example, invoice created/updated, attachment uploaded)

Payment information is typically processed by the payment processor directly. We do not intend to store full card numbers on our systems. Any payment method handling is subject to the payment processor’s policies as well.

5) Limited technical and security data

To protect the Services and prevent abuse, we may collect limited technical data such as:

• IP address and approximate location derived from IP (for security and fraud prevention)
• Device and browser information on the homeowner web pages (for compatibility and security)
• Server logs of requests (for reliability and security)

Privacy guardrail: We do not intentionally log the contents of PDFs, signature names, addresses, or other sensitive text from your change orders. We also do not store or log secret tokens in plaintext.

6) What we do not do

• No advertising tracking: We do not use IDFA for ad tracking.
• No sale of personal information: We do not sell personal information.
• No profiling for targeted advertising: We do not build advertising profiles.
• No reading unrelated data on your device: We only access device content you choose to create or attach within the app.

C. How we use information

We use the information described above to:

• Provide and operate the Services (including team features, remote approval links, proposal collaboration, and artifact download)
• Authenticate users and administer roles/permissions
• Generate, store, and deliver the specific files you choose to upload for premium workflows (review PDFs, signed PDFs, signatures, proposal photos)
• Maintain security, prevent abuse, and protect the integrity of approvals and artifacts (including hashing, token protection, and audit trails)
• Provide customer support and troubleshoot issues (without collecting or requesting unnecessary content)
• Comply with legal obligations and enforce our terms

D. How we share information

We share information only as needed to operate the Services and for the reasons below:

1) Service providers (processors)

We may use vendors to help run the Services, such as:

• Hosting providers (compute and databases)
• Object storage providers (to store PDFs, signatures, photos)
• Email providers (for invites or login links)
• Payment processors (if enabled)
• Accounting platform providers (for integrations you choose to connect)

These providers are authorized to process information only to provide services to us and are expected to protect it.

2) Legal and safety

We may disclose information if we believe in good faith it is necessary to:

• Comply with law or valid legal process
• Protect the rights, safety, and security of ReScope, our users, or others
• Investigate fraud, security incidents, or misuse

3) Business transfers

If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will provide notice if required by law.

E. Business and customer data (contractor/homeowner)

If you use ReScope for your business:

• You control what customer information you put into the app and what you upload through Premium workflows.
• You are typically the “controller” of your customer data and ReScope acts as a “processor” for limited Premium features where data is uploaded.
• Homeowner links are designed to work without accounts; the homeowner may provide a signature and/or name and may upload photos/comments in proposal flows.
• You should not upload sensitive information unless necessary for your business purposes and lawful to do so.

F. Security

We use administrative, technical, and organizational measures designed to protect information, which may include:

• Encryption in transit (HTTPS) for network communications
• Secure storage for secrets/tokens on device (for example, Keychain)
• Token hashing and access controls on backend systems
• Role-based access controls for team functionality
• File type/size validation, rate limiting, and short-lived download links for public pages

No method of transmission or storage is 100% secure. You are responsible for maintaining the security of your device and access credentials.

G. Data retention

Because ReScope is offline-first, much of your data is stored on your device until you delete it.

For data processed by Premium features, we generally retain information only as long as needed to provide the feature and for legitimate business purposes such as security and auditability. Examples:

• Approval and proposal records: retained while the link is active and afterward as needed for audit/history, unless you delete them or applicable law requires otherwise.
• Signed artifact hosting: retained to allow authorized downloads and recordkeeping, unless you delete it or configure retention limits.
• Logs: retained for a limited period for security and reliability, then deleted or de-identified.

You may have admin tools (or you can contact us) to request deletion of Premium-hosted content associated with your account, subject to legal and operational limitations.

H. Your choices and rights

Depending on your location, you may have rights to:

• Request access to personal information we hold about you
• Request correction of inaccurate information
• Request deletion of certain information
• Object to or restrict certain processing
• Receive a copy of certain information in a portable format

How to exercise rights: contact us using the information in “Contact us.” We may need to verify your request. If you are a homeowner interacting through a link, your request may need to be handled by the contractor/business that sent the link, depending on the data and relationship.

I. Cookies and similar technologies (web pages)

Our homeowner web pages may use essential cookies or local storage strictly necessary for security, load balancing, and basic functionality (for example, session integrity). We do not use cookies for behavioral advertising.

J. Children’s privacy

The Services are not directed to children under 13 (or the age defined by your local law), and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us.

K. International users

If you access the Services from outside the United States, your information may be processed in the United States or other locations where we or our service providers operate. We take steps intended to ensure appropriate protections for cross-border transfers where required.

L. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law (for example, by updating the “Last Updated” date and, if appropriate, providing in-app or website notice).

M. Contact us

ReScope Privacy Team

Email: info@rescope.info

Mailing address: (add company address when available)