GDPR Compliant

Privacy Policy

Your data belongs to you. This page explains what we collect, why we collect it, and how we protect it.

Last updated: May 26, 2026

1. Introduction

Scope Creep Calculator ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents.

2. Information We Collect

2.1 Information You Provide Directly

When you use our calculator or create an account, we may collect:

  • Calculation data: Project hours, hourly rates, and task descriptions you enter into the calculator. This data is stored locally in your browser unless you create an account.
  • Account information: Email address and password (encrypted) if you register for a Pro account.
  • Payment information: Processed securely by our payment processor Lemon Squeezy. We do not store your credit card details.

2.2 Information Collected Automatically

We use cookies and similar technologies to collect:

  • Usage data: Pages visited, time spent, button clicks, and feature usage (anonymized).
  • Device information: Browser type, operating system, screen size, and language preference.
  • IP address: Used for security and analytics, stored in anonymized form.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our calculator service
  • To process your Pro subscription payments
  • To improve our website and user experience
  • To send you important updates about your account or service changes
  • To respond to your support requests
  • To comply with legal obligations

We do not sell your personal data to third parties.

4. Cookies and Tracking Technologies

We use the following types of cookies:

Cookie Type | Purpose                                       | Duration
Essential   | Site functionality, authentication, security  | Session / 1 year
Preferences | Dark mode, language settings                  | 1 year
Analytics   | Anonymous usage statistics (Google Analytics) | 2 years
Marketing   | Conversion tracking (only with consent)       | 90 days

You can manage your cookie preferences at any time through the cookie banner or your browser settings.

5. Data Storage and Security

We take data security seriously:

  • All data is transmitted over HTTPS with TLS 1.3 encryption
  • User passwords are hashed using bcrypt with salt
  • Calculation data is stored in Supabase with Row Level Security (RLS)
  • We perform regular security audits and vulnerability scans
  • Access to production data is restricted to authorized personnel only

6. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication hosting
  • Lemon Squeezy: Payment processing and subscription management
  • Cloudflare: CDN, DDoS protection, and analytics
  • Google Analytics: Anonymous usage analytics (with consent)

Each third-party service has its own privacy policy and data handling practices.

7. Your Data Rights

Under GDPR and CCPA, you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Opt out of certain data uses
  • Right to withdraw consent: Revoke cookie consent at any time

To exercise any of these rights, please contact us at privacy@scopecreepcalculator.com. We will respond within 30 days.

8. Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account or after 2 years of inactivity
  • Calculation history (Pro): 30 days from creation
  • Free calculation data: Stored locally in your browser only
  • Payment records: 7 years for tax compliance
  • Analytics data: 26 months (anonymized)

9. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Our servers are located in the United States (via Cloudflare and Supabase). If you are accessing our services from outside the US, your data may be transferred to and processed in the US. We use Standard Contractual Clauses (SCCs) to ensure adequate protection for EEA users.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Cookie Consent

When you first visit our website, you will see a cookie consent banner. You can:

  • Accept All: Allow all cookie types including analytics and marketing
  • Reject Non-Essential: Only allow essential and preference cookies
  • Change Preferences: Update your choices at any time

Essential cookies cannot be disabled as they are required for the website to function.

Your Privacy, Your Control

You can manage your cookie preferences or request your data at any time.
