Privacy Policy

18 May 2025

This Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

1. Definitions

This Privacy Policy (“Policy”) applies to Scope 360 AB (“Service Provider”, “we”, “us”) and our Scope360° Chrome extension and related services (“Service”). Any individual or entity using the Service is referred to as “Customer” or “you”. Personal Data means any information that can identify an individual, directly or indirectly, including names, email addresses, and technical identifiers.

2. Responsibility for Data Collection

Scope 360 AB, Swedish Company Registration Number SE559362049401 is responsible for the personal data you provide to us through purchases and other contacts with us and is responsible for processing these.

For any privacy-related questions or to exercise your rights, you may contact us at email: hello@scope360.se

3. Information We Collect

We collect different types of personal data for the following purposes:

User Data: A SHA-256 hash of your Jira instance origin (URL) and Jira username is used to determine which configuration to fetch from our central server. These hash values serve as anonymous identifiers and are not reversible, which means we cannot determine the original Jira URL or username. This ensures we cannot identify or track individual users or Jira instances. No other Jira-related data is sent to our servers.
Login Data: Your Jira username and password, if needed for authentication, are stored only in your browser’s local storage in encrypted form and are never transmitted externally (Contractual Necessity).
Usage Data: Information such as page titles, URLs, and view identifiers may be collected and sent to Google Analytics to help us improve the Service (Legitimate Interest).
Subscription Data: Name, email, payment information, and subscription details are collected to manage billing and access to the Service (Contractual Necessity)
Marketing Data: We may use your contact details to send you relevant marketing communications about our products and services. You can opt out at any time (Legitimate Interest or Consent).
Retention: Data is stored only as long as necessary for its intended purpose or required by law.

4. Use of Cookies

We use cookies to personalize content, ads and to analyze our traffic. We also share information about your use of our site with our advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. We also use cookies to collect data for the purpose of personalizing and measuring the effectiveness of our advertising. For more details, visit the Google Privacy Policy.

5. Use of Your Information

We process personal data for the following purposes:

To provide and configure the Service
To authenticate and manage login credentials for Jira.
To manage subscriptions and payments
To improve and analyze service usage
To ensure security and fraud prevention
To comply with legal obligations (e.g., accounting, tax requirements)
To send you marketing communications about our products and services (you may opt out at any time)

We do not sell or share your personal data except where necessary to operate our Service:

Payment Processors (for handling transactions)
Analytics Providers (Google Analytics, if consented to)
Cloud Storage & IT Service Providers (hosting and infrastructure)
Marketing & Communication Providers (for sending promotional emails, with your consent)
Legal Compliance (to authorities if required by law)

All third parties are bound by Data Processing Agreements (DPAs) to protect your information.

7. Data Security

We implement industry-standard security measures, including:

TLS encryption for data in transit
Access controls to restrict unauthorized access
Secure storage mechanisms for sensitive information

We also apply a privacy-by-design approach in how the Chrome extension is developed and interacts with data:

All communication with Jira REST APIs takes place entirely within your browser. No Jira content (e.g. issue details, user data, or project information) is ever transmitted to our servers.
To fetch the correct configuration for your instance, the extension generates a SHA-256 hash of the Jira origin and username. These hashes are used only as anonymous lookup keys to fetch configuration data and cannot be traced back to you or your Jira instance.
This ensures that sensitive data never leaves your device and that we, as the service provider, have no access to your Jira content.

8. Your Rights

Under GDPR, you have the following rights:

Right to be informed about data collection and usage
Right of access to your personal data
Right to rectification of inaccurate or incomplete data
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time

To exercise these rights, please contact us at hello@scope360.se. We will respond within GDPR timelines.

9. Data Processing Legal Basis

We process your personal data based on:

Consent (for analytics, marketing communications, and cookies)
Contractual Necessity (for service access and billing)
Legal Obligation (for compliance with legal requirements)
Legitimate Interest (for improving and securing the Service, as well as sending relevant service-related marketing communications where applicable)

You can withdraw your consent for data processing at any time.

10. International Data Transfers

We strive to process data within the EEA. If data is transferred outside the EEA, we ensure protection through:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions for certain countries
Technical and organizational security measures

For more information, contact hello@scope360.se.

11. Changes to This Privacy Policy

We may update this Policy as needed. Significant changes will be notified via:

Email (if you have an account with us)
Website notice

Please review this Policy periodically to stay informed.