ScopeWorks Privacy Policy

Last updated: 21 June 2026.

Who We Are

ScopeWorks is a Charity Egg product for project scoping, room and building schedules, early cost planning and Excel exports. Contact: hello@charityegg.co.uk.

What This Policy Covers

This policy covers the ScopeWorks public website, the workspace at scopeworks.charityegg.co.uk, project scoping forms, account and billing contact fields, paid checkout, export and download records, support requests and technical logs.

Personal Data We Collect

• Account and contact details, such as name, email address, organisation, role/authority and access status where provided.
• Organisation details, such as charity or church name, project name, building type, project type and billing email.
• Project scoping data, including rooms, areas, size measurements, use, condition, constraints, schedule rows, rough rates, costing totals, specification notes and British Standard or guidance references.
• Suggestion inputs and outputs if the suggestion feature is used. Do not enter safeguarding, HR, payroll, medical, confidential personal or other sensitive case data into ScopeWorks prompts.
• Payment and order records, including checkout session identifiers, export version identifiers, buyer email, order status, refund status and entitlement records. Stripe handles card processing; ScopeWorks should not store full card details.
• Export and download records, including project ID, export version, download audit records, IP address, browser/user-agent and signed download metadata.
• Technical data, such as IP address, device/browser information, logs, security events and service diagnostics.

How We Collect Data

We collect data directly from workspace forms, account or billing fields, checkout requests, payment webhooks, support requests and product usage. Some technical records are created automatically by Vercel, Supabase, Stripe or related infrastructure when the service is used.

Why We Use Data

• To provide the ScopeWorks workspace for authorised organisation owners/admins and project users, save project/export records where live account access is enabled, and generate paid export versions.
• To manage payments, refunds, entitlement checks and download audit records.
• To provide customer support and respond to operational or security issues.
• To meet legal, tax, accounting and fraud-prevention obligations.
• To improve ScopeWorks using aggregated or operational feedback. Marketing emails, if used, will include a way to opt out.

Lawful Basis

We use personal data where needed to provide the service, manage customer accounts and paid exports, keep the service secure, respond to support requests, improve the product, and meet legal, tax and accounting obligations. Depending on the activity, the lawful basis may include contract, legitimate interests, legal obligation or consent.

Who We Share Data With

ScopeWorks may use Stripe for checkout and billing, Supabase for database/authentication/storage, Vercel for hosting and serverless functions, OpenAI for optional schedule suggestions when configured, and email/support providers for customer messages. Professional advisers, payment processors, regulators or law-enforcement bodies may receive data where required.

International Transfers

Some providers may process or store data outside the UK. Where this happens, ScopeWorks relies on provider terms, safeguards and lawful transfer mechanisms where applicable.

How Long We Keep Data

We keep account records, project records, paid export snapshots, order records, refund records, download audit records, support messages and security logs only for as long as needed for the service, legal/accounting duties, support, security and dispute handling.

Your Rights

Depending on the circumstances, individuals may have rights to access, correction, deletion, restriction, objection and portability. Requests can be sent to hello@charityegg.co.uk. Individuals may also complain to the UK Information Commissioner's Office.

Security

ScopeWorks uses private project/export records, entitlement checks and signed private download links where live account access is configured. Staff-only service/admin access should be restricted. No internet service can guarantee perfect security.

Cookies, Local Storage And Analytics

The ScopeWorks workspace may store local workspace data in the browser's local storage. Stripe, Supabase or other providers may set cookies or similar technologies during checkout or account access.

Changes To This Policy

ScopeWorks should update this policy when the product, providers, retention periods, analytics, account access, payment flow or support route changes.