Trust Methodology
Data retention is intentionally short where raw reports are sensitive.
Scopebase stores enough data to run estimates, maintain report history, secure the platform, and meet billing obligations. It does not need to keep raw inspection uploads forever, and deletion requests are handled as an operational workflow rather than a marketing promise.
Raw uploads
Short-lived parse inputs
Saved reports
User-controlled history
Audit logs
Security retention window
Data
Location
Retention
Notes
Inspection parse uploads
Private Supabase storage
Deleted after parse or cleanup job
Raw PDFs are short-lived by design.
Saved estimates and line items
Supabase PostgreSQL
Until user deletion or verified account deletion
Used for dashboard history, reports, and share links.
Guest estimates
Estimate jobs and estimates tables
30-day expiry target
Scoped to guest/session controls.
Security audit logs
security_audit_logs
90-day rolling window unless investigation requires longer
Request bodies should be minimized and redacted.
Billing records
Stripe and billing tables
Accounting, tax, fraud, and dispute retention
Card numbers are handled by Stripe, not Scopebase.
Backups
Provider-managed backup systems
Until backup window expires
Deleted records can remain in backups temporarily.
Deletion Requests
- Delete individual estimates where product controls allow it.
- Reset personalization memory from Account -> Privacy & Data.
- Submit full account deletion through account settings or support.
- Scopebase verifies the requester and processes eligible records within 30 days.
- Security, fraud, billing, legal, and backup exceptions are documented instead of silently removed.
Backup Limitation
Deleted records can remain inside provider backups until the backup window expires. Restore work is governed by the internal backup runbook, and restore requests are checked against privacy and deletion obligations before data is recovered.
Deletion requests target completion within 30 days after verification.