Privacy Policy

1. Who We Are

SCOVR is a privacy-first communication platform built in Europe. The data controller is:

2. What We Collect — and Why

We collect only what you voluntarily give us to make the service work. Nothing is inferred, observed, or derived behind your back.

• Waitlist: your first name and email address — so we can send you one launch notification when SCOVR opens.
• Account: your name, email, and a hashed (irreversible) password — so you can sign in securely.
• Messages and files: the content you send through the platform, encrypted end-to-end. We cannot read it.

That is the entire list. There is no hidden collection.

3. What We Do Not Collect

Most companies collect the following as a matter of course. We do not.

There are no third-party analytics or advertising scripts on any SCOVR page.

4. Cookies

We use cookies for exactly one purpose: keeping you signed in.

• Session cookie — identifies your authenticated session. Deleted when you sign out or close your browser.
• CSRF token — a security token that prevents cross-site request forgery. Required for the platform to function safely.

There are no analytics cookies, no advertising cookies, and no third-party cookies of any kind. You will never see a cookie consent banner on SCOVR because there is nothing to consent to beyond what is strictly necessary.

5. How We Use Your Data

The data you provide is used solely for the purpose you gave it for:

• Waitlist email → one launch notification, then nothing unless you ask.
• Account credentials → signing you in and keeping your account secure.
• Messages and files → delivering them to the intended recipient. We never read them.

We do not use your data for marketing, product research, or any purpose other than operating the service you signed up for.

6. Who We Share Data With

Nobody, commercially. We do not sell, rent, license, or trade personal data to any third party under any circumstances.

The only limited exceptions:

• Infrastructure providers — European hosting providers that store and transmit your data solely on our behalf, under strict data processing agreements. They may not use your data for their own purposes.
• Legal obligation — if a court or regulatory authority requires disclosure, we will comply with the minimum necessary and notify you unless prohibited by law.

All infrastructure is operated in Europe. Your data does not leave the EU/EEA.

7. Retention

We keep data only for as long as it serves the purpose you gave it for:

• Waitlist — deleted within 30 days of launch, or immediately on your request.
• Account — held for the life of your account. Deleted within 30 days of closure.
• Messages and files — retained per your account settings and deleted immediately when your account closes.

8. Security

All data in transit is protected by TLS 1.3. All data at rest is encrypted with AES-256. Passwords are hashed using a modern one-way function — we cannot recover your password, and neither can anyone else.

Messages are encrypted end-to-end. SCOVR infrastructure has no access to the content of your conversations.

We run our own mail infrastructure on-premise. Your email address is never handed to a US-based email delivery service.

9. Your Rights

Under GDPR you have the following rights. Email privacy@scovr.com to exercise any of them. We will respond within 30 days.

10. Children

SCOVR is not directed at anyone under 16. If you believe a child has registered, contact privacy@scovr.com and we will delete the account immediately.

11. Changes to This Policy

If we ever change this policy in a way that affects your rights or expands what we collect, we will email you at least 14 days in advance. The effective date at the top of this page will be updated. We will not retroactively apply new terms to data collected under prior terms.

12. Contact