TRUST

Security at Scope.

Your invoice data and store access are handled with care. Here's how.

We know that trusting a third-party app with your Shopify store and supplier documents is a real decision. This page outlines our security practices in plain terms.

Data in transit

All communication between your browser, the Scope app, and our servers is encrypted using TLS 1.2 or higher. This applies to invoice uploads, API calls to Shopify, and the email forwarding system. Data is never transmitted over unencrypted channels.

Data at rest

Data stored on our servers, including vendor profiles, invoice records, and account settings, is encrypted at rest using industry-standard AES-256 encryption. Access to the production database is restricted to authorized systems and personnel only.

Invoice PDFs

Invoice PDFs you upload or forward via email are stored securely and are accessible only to your account. PDFs are processed by the AI system and then deleted after you approve or dismiss the invoice, typically within 24 hours. We do not retain PDFs beyond what is needed to complete processing.

Shopify integration

Scope connects to your Shopify store using Shopify's official OAuth 2.0 authorization system. We never ask for or store your Shopify admin password. Access is granted through a revocable API token that you can remove at any time by uninstalling the app from your Shopify admin. We request only the permissions required to read product data and update inventory.

Email forwarding

When you forward a supplier email to invoices@scopeinventory.com, we authenticate it against the email addresses registered in your account settings. The email is processed to extract invoice attachments and then deleted. We do not store email body text beyond what is needed for processing. Only email addresses you register are accepted for forwarding.

Access controls

Access to your Scope account is tied to your Shopify store login. We use Shopify's session management for authentication within the app. Only users with appropriate Shopify staff permissions for your store can access Scope. We do not maintain a separate user database with passwords.

REPORT A CONCERN

Found a security issue?

If you believe you've found a security vulnerability in Scope, please report it to us directly and privately before disclosing it publicly. We take all security reports seriously and will respond promptly.

scopehelp@proton.me