Privacy Policy

Hash-based, privacy-first architecture

Last updated: 6/30/2025
Our Privacy Commitment

✅ What We Do

  • Use minimal OAuth scopes (email, profile only)
  • Process personal data in memory only
  • Store only hashed identifiers for subscriptions
  • Destroy all session data on logout
  • Use secure, encrypted connections

❌ What We Don't Do

  • Store email addresses or names in databases
  • Share personal data with third parties
  • Track you across websites
  • Keep personal data after logout
  • Store browsing history or preferences

Hash-Based Privacy Architecture

Revolutionary Privacy Protection

Unlike traditional services that store your personal information in databases, we've engineered a privacy-first architecture that protects your identity while still enabling essential features:

  • One-Way Transformation: Your email is converted using SHA-256 cryptographic hashing with a unique salt
  • Irreversible Process: The hash cannot be converted back to reveal your original email address
  • Zero Personal Data Storage: Only the mathematical hash is stored, never your actual information
  • Subscription Management: Enables premium features without compromising your privacy
  • Industry-Leading Security: Same cryptographic hash standard used by banks and government agencies

🛡️ What This Means for You

Even if our database were compromised (which we work hard to prevent), attackers would only find meaningless hash values that cannot be used to identify you or access your accounts elsewhere.

Your email address, name, and personal information remain completely private and secure.

What We Hash & Store

• Subscription tier (free/premium/enterprise)

• Account creation timestamp

• Last activity timestamp

• User preferences (anonymized)

Session-Only Data (Never Stored)

• Email address (memory only)

• Display name (memory only)

• Profile picture (memory only)

• OAuth tokens (memory only)

Technical Example (Simplified)

Your Email: user@example.com
↓ SHA-256 Hash + Salt ↓
Stored Hash: a7f8d9e2b1c4...

The hash is mathematically impossible to reverse, ensuring your email remains private forever.
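The following is an added illustration of the login and subscription-lookup flow described above; it is example code, not the service's own implementation. It assumes the "unique salt" is a single server-side secret kept outside the database, since a returning user can only be matched to their record if the same hash is recomputed at each login; the salt value, field names and the in-memory table are constructed for the example.

```python
import hashlib

# ASSUMPTION: one server-side secret salt, held outside the database.
# Constructed value for the example, not a real secret.
SERVER_SALT = b"example-server-salt-not-a-real-secret"


def normalize_email(email: str) -> str:
    """Trim and lowercase so the same mailbox always hashes identically."""
    return email.strip().lower()


def hashed_identifier(email: str, salt: bytes = SERVER_SALT) -> str:
    """SHA-256 over salt + normalized email, hex encoded (the page's scheme)."""
    digest = hashlib.sha256(salt + normalize_email(email).encode("utf-8"))
    return digest.hexdigest()


# In-memory stand-in for the subscriptions table (constructed for the
# example): keyed by the hash only and holding just the fields the page
# lists as persisted after logout.
subscriptions: dict[str, dict] = {}


def on_login(email: str, now: int) -> dict:
    """Receives the OAuth email that lives only in memory; persists the hash."""
    hid = hashed_identifier(email)
    record = subscriptions.get(hid)
    if record is None:
        # First login: create the subscription row keyed by hash.
        record = {"tier": "free", "created_at": now, "last_active": now}
        subscriptions[hid] = record
    else:
        # Returning user: the recomputed hash matches the stored key.
        record["last_active"] = now
    return record


def stored_rows_mention(value: str) -> bool:
    """Defender check: does any persisted key or field contain the given text?"""
    for hid, rec in subscriptions.items():
        if value in hid or any(value in str(v) for v in rec.values()):
            return True
    return False
```

Because the identifier is deterministic for a fixed salt, changing the salt would orphan every existing subscription row, which is why the salt must be treated as long-lived configuration rather than regenerated per request.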

Enhanced Security Architecture

🆕 Latest Security Improvements

We've recently enhanced our security architecture with advanced database protection mechanisms:

  • Row-Level Security (RLS): Database-enforced access controls ensure users can only access their own hashed profiles
  • Secure User Service: Centralized security layer with comprehensive validation and error handling
  • Consistent Hash Generation: Standardized hashing algorithm across all application layers
  • Preference Management: Secure storage of user preferences without compromising identity
  • Aggregated Analytics: Platform statistics without exposing individual user data

How This Improves Your Security

These enhancements provide multiple layers of protection for your data:

  • Defense in Depth: Multiple security layers working together to protect your data
  • Database-Level Enforcement: Security rules enforced at the database level, not just in application code
  • Isolated User Data: Even administrators cannot access your personal information
  • Secure API Design: All endpoints follow strict security practices with proper validation

Data Collection & Storage

Information We Access (Session Only)

Email Address

Used for: Account identification during session

Stored: In memory only, hashed for subscriptions

Basic Profile

Used for: Display name and avatar during session

Stored: In memory only, never persisted

Hybrid Privacy Architecture

We combine zero-storage for personal data with minimal hashed storage for essential functionality. Your personal information is only processed in memory during your active session, while subscription management uses irreversible hashes that cannot identify you.

OAuth Scopes & Permissions

Minimal OAuth Scopes Requested

  • openid (Required): Basic identity verification only
  • email (Required): Email address for account identification
  • profile (Required): Name and profile picture for display

Note: We deliberately avoid requesting additional scopes like calendar, contacts, or file access to minimize data exposure.

Session Management & Data Destruction

Automatic Cleanup

  • Sessions expire after 1 hour of inactivity
  • All tokens invalidated on logout
  • Browser storage cleared completely
  • Personal data destroyed from memory

Manual Logout

  • Immediately destroys all session data
  • Revokes OAuth tokens with Google
  • Clears all authentication cookies
  • Updates last activity timestamp only

Data Retention Policy

Minimal Retention Policy

We retain zero personal data beyond your active session. Only hashed identifiers for subscription management are stored, which cannot be used to identify you personally.

  • Personal Data Retention: 0 Days
  • Maximum Session Duration: 1 Hour
  • Subscription Identifiers: Hashed Only

What Persists After Logout:

  • Hashed identifier (cannot be reversed to email)
  • Subscription tier (free/premium/enterprise)
  • Account creation timestamp
  • Last activity timestamp

Security Measures

Technical Security

  • End-to-end HTTPS encryption
  • Secure JWT token handling
  • SHA-256 hashing with unique salts
  • No client-side data persistence
  • Regular security audits
  • Row-Level Security (RLS) protection

Access Controls

  • Minimal privilege OAuth scopes
  • Session-based access only
  • Hash-based subscription management
  • No admin access to personal data
  • Automated session cleanup
  • Database-enforced access policies

Customer Reassurance

🔒 Maximum Privacy Protection

  • Your personal data cannot be stolen because it's not stored
  • Hash values are useless to hackers and cannot identify you
  • We cannot see your email address in our database
  • No personal information is ever shared or sold

✅ Full Functionality

  • Premium features work seamlessly with hash-based IDs
  • Subscription management without privacy compromise
  • Secure authentication using industry standards
  • Complete service functionality maintained

Bottom Line: You get all the benefits of our service with unprecedented privacy protection. Your personal information is safer with us than with any traditional service that stores user data.

Legal Basis & Rights

Why We Store Hashed Identifiers

Legal Basis: Legitimate interest for providing subscription services and preventing fraud.

Purpose: Enable premium features, manage billing, and maintain service continuity while protecting your privacy through irreversible hashing.

Since we don't store your personal data, there's nothing to delete, modify, or export beyond your current session. However, if you have questions about our privacy practices or wish to delete your hashed subscription record, please contact us.