Privacy Policy

We take privacy seriously. This policy explains what data we collect, how we use it, and your choices.

1. What We Collect

Account information:

• Email address and password (hashed, never stored in plain text)
• Company name and role (if provided during onboarding)
• ICP profile details (industry, trade, territories, project types)

Usage data:

• Scout AI conversations and tool calls
• Leads saved to your pipeline
• Search queries and filter preferences
• Weekly usage counts (messages sent, profiles viewed)

Technical data:

• Browser type and device info
• IP address (for security and rate limiting)
• Cookies for authentication

2. What We Don't Collect

• No payment card details — we use Stripe, which handles card data directly. We never see your card number.
• No access to your email account, calendar, or other services unless you explicitly connect them.
• No tracking across other websites.
• No sale of personal data to third parties. Ever.

3. How We Use Your Data

We use your data to:

• Provide and personalize the DigScout service
• Score and recommend leads based on your ICP profile
• Power Scout AI's responses and memory of your preferences
• Enforce plan usage limits
• Improve the product (aggregate, anonymized usage patterns)
• Send service-related emails (billing, account updates, support responses)
• Protect against abuse and security threats

4. Data Sharing

We don't sell or rent your data. We share information only with:

• Stripe — to process payments. Stripe has its own privacy policy.
• AI providers — your queries go to our AI provider (Google Gemini) to generate responses. We don't let AI providers train on your data.
• Service providers — infrastructure hosting and email delivery, under strict data protection agreements.
• Legal requirements — if required by law, regulation, or legal process.

5. Data Storage & Security

Your data is stored on secure servers in the United States. We use:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Bcrypt hashing for passwords
• JWT tokens for authentication (stored in cookies, not localStorage)
• Row-level security on database tables
• Rate limiting and abuse detection

No system is perfectly secure. We do our best, but can't guarantee absolute security.

6. Data Retention

• Active accounts: We keep your data as long as your account is active.
• Cancelled accounts: We delete personal data within 30 days of account closure. Aggregated, anonymized usage data may be retained for product improvement.
• Scout conversations: Retained for 90 days after your last interaction, then automatically purged.

7. Your Rights

You can:

• View and edit your profile and ICP settings anytime
• Export your pipeline and saved leads
• Delete your account and all associated data
• Opt out of non-essential communications

To exercise any of these rights, contact us at support@digscout.com.

8. Cookies

We use a minimal number of cookies:

• Authentication cookie — keeps you logged in. Expires after 7 days.
• Theme preference — remembers light/dark mode. Stored in localStorage.

We don't use advertising cookies, tracking pixels, or third-party analytics that profile you across sites.

9. Children's Privacy

DigScout is a business tool. It's not intended for anyone under 18. We don't knowingly collect data from minors.

10. International Users

DigScout is operated from the United States. If you use it from outside the US, your data is still processed and stored in the US. By using DigScout, you consent to this transfer.

11. Changes to This Policy

We may update this policy. We'll notify you by email for material changes. Continued use after changes means you accept the updated policy.

12. Contact

Privacy questions? Reach us at support@digscout.com.