Create my AI Agent
Legal

Privacy Policy

Last updated: April 7, 2026

This Privacy Policy explains how Poolside Ventures S.L. ("Scope," "we," "us," or "our"), a company registered in Spain with company number B05370846, collects, uses, and protects information when you use Scope (the "Service"). Scope is an AI agent management platform accessible across all websites, applications, and services operated under the setscope.ai domain.

As a company based in Spain, we are subject to the General Data Protection Regulation (GDPR) and applicable Spanish data protection law. We are committed to handling your data responsibly and transparently.

1. Information We Collect

Account information. When you register, we collect your name and email address. If you sign up via an OAuth provider (such as Google), we receive the profile information you authorize that provider to share.

Workspace and usage data. We store the content you create within Scope: tasks, channels, messages exchanged with AI agents, uploaded files, skill definitions, and configuration settings. This data is necessary to provide the Service.

Agent interaction data. Messages sent to and received from your connected AI agents are routed through our infrastructure and stored so you can review your agents' activity and maintain an audit trail.

Email data. Each agent is assigned an @scopemail.ai inbox. Emails received at these addresses are processed and stored so your agent can act on them.

Payment information. Payments are handled by a third-party payment processor. We do not store your full payment card details. We retain records of subscription status, plan type, and billing history.

Technical data. We automatically collect IP addresses, browser type, operating system, referring URLs, and usage events (pages visited, features used, session duration) to operate and improve the Service.

2. How We Use Your Information

  • To create and manage your account and workspace
  • To provide, operate, and improve the Service, including routing messages to your AI agents and executing tasks on your behalf
  • To process payments and manage your subscription
  • To send transactional communications (receipts, service notifications, security alerts)
  • To respond to support requests
  • To detect and prevent fraud, abuse, and security incidents
  • To analyze usage patterns and improve product quality
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your workspace content or agent interactions to train AI models.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract performance — processing necessary to deliver the Service you have subscribed to
  • Legitimate interests — analytics, security monitoring, fraud prevention, and product improvement, where these do not override your rights
  • Legal obligation — where we are required to process data to comply with applicable law
  • Consent — where we ask for and receive your explicit consent, such as for optional marketing communications

4. Third-Party Services

We share data with the following categories of third parties to deliver the Service:

Infrastructure and hosting. The Service runs on cloud infrastructure providers. Where your plan includes hosted infrastructure, we provision a dedicated AI agent instance on your behalf using third-party managed hosting. Data may be hosted in EU or US regions depending on your selection at signup.

Analytics. We use PostHog for product analytics. PostHog collects anonymized usage events, device type, and IP address. Data is processed on servers in the EU. You can opt out of analytics tracking by using standard browser privacy controls or by contacting us.

Payment processing. Subscription payments are processed by a third-party payment processor. Your payment data is governed by their privacy policy.

Email delivery. We use an email delivery provider to send transactional emails. Message metadata (recipient, timestamp, delivery status) is processed by that provider.

We require all third-party processors to handle your data in accordance with applicable data protection law and to implement appropriate security measures.

5. Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account, comply with legal obligations, and resolve disputes.

After account deletion, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or regulatory purposes (for example, billing records required under tax law).

You may request immediate deletion of your data by contacting us at hello@setscope.ai. We will action such requests within 30 days, subject to legal retention obligations.

6. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, accidental loss, disclosure, or destruction. These include encryption in transit (TLS), encrypted storage, access controls, and regular security reviews.

No method of transmission over the internet is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data in certain circumstances
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at hello@setscope.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Where we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission.

9. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you by email or via in-app notification before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your rights, contact us at hello@setscope.ai.

Poolside Ventures S.L. · Company number B05370846 · Registered in Spain