ScopeChainBack to Home

Privacy Policy

Last updated: November 2025

ScopeChain is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our supply chain emissions tracking platform. We operate in Sweden and comply with EU General Data Protection Regulation (GDPR) requirements.

1. Information We Collect

Account Information

When you register, we collect your name, company name, email address, and account credentials. Passwords are securely hashed and never stored in plain text.

Emissions Data

We store purchase records, emission estimates, and verified emissions data that you submit through the platform.

Technical Data

We automatically collect IP addresses, browser type, device information, and access logs for security and platform functionality.

2. How We Use Your Data

  • Providing and operating the ScopeChain platform
  • Facilitating communication between Buyers and Suppliers
  • Calculating and tracking Scope 3 emissions
  • Sending transactional emails (invitations, notifications)
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations

3. Legal Basis for Processing

We process your data under the following GDPR legal bases:

  • Contractual necessity - to provide the ScopeChain service
  • Legitimate interest - platform security and communication
  • Legal obligation - compliance with applicable laws
  • Consent - for optional features where applicable

4. Data Retention

We retain your data only as long as necessary:

  • Account data - until you delete your account
  • Emissions data - retained while your account is active
  • Technical logs - 90 days for security purposes

When you delete your account, all personal data is removed or anonymized within 30 days.

5. Data Sharing

We share data only with:

  • Service providers - hosting (Vercel), database (Supabase), email (Resend), all under GDPR-compliant agreements
  • Platform users - Buyers and Suppliers share data necessary for emissions tracking
  • Legal authorities - only when required by law

We never sell your personal data to third parties.

6. Your Rights

Under GDPR, you have the right to:

  • Access - request a copy of your personal data
  • Rectification - correct inaccurate information
  • Erasure - delete your account and data
  • Portability - receive your data in a portable format
  • Restriction - limit how we process your data
  • Object - object to processing based on legitimate interests

To exercise your rights, email us at contact@scopechain.com. We respond within 30 days.

7. Security

We protect your data using industry-standard security measures:

  • TLS/HTTPS encryption for all data in transit
  • Encrypted database storage
  • Secure password hashing (bcrypt)
  • Row-level security policies
  • Regular security monitoring

8. International Transfers

Some of our service providers operate outside the EU. When data is transferred internationally, we ensure protection through EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

9. Cookies

We use only essential cookies required for authentication and platform functionality. We do not use tracking or advertising cookies. See our cookie notice for details.

10. Contact

For privacy inquiries or to exercise your rights:

ScopeChain

Email: contact@scopechain.com

Location: Sweden, European Union

11. Policy Updates

We may update this Privacy Policy periodically. Significant changes will be communicated via the platform or email. Continued use of ScopeChain after changes constitutes acceptance of the updated policy.