Security & Privacy
How ScopeShift protects your data with enterprise-grade security, encryption, and GDPR compliance.
Data Encryption
All data at rest is encrypted using AES-256-GCM, the same standard used by banks and government agencies.
All data in transit is protected with TLS 1.3 encryption.
File attachments are stored in encrypted cloud storage with per-company isolation.
GDPR and Your Rights
ScopeShift is fully GDPR compliant. Your rights include:
Right to access — You can export all your data at any time from Settings > Data & Privacy.
Right to erasure — You can request deletion of your account and all associated data.
Right to portability — Your data can be exported in standard formats (CSV, JSON).
We maintain full consent records and only process data for the purposes you have agreed to.
Two-Factor Authentication
Enable 2FA from your account settings for an extra layer of security.
ScopeShift uses TOTP (Time-based One-Time Password) compatible with popular authenticator apps.
If you lose access to your authenticator, contact support to verify your identity and reset 2FA.
Data Export and Deletion
Directors can export company data from Settings > Data & Privacy > Export Data.
Data exports include all VOs, projects, users, and audit logs in CSV format.
To request complete account deletion, contact support@scopeshift.co.uk. Deletion is processed within 30 days as required by GDPR.
Need more help?
Contact our support team and we will get back to you within one working day.
Email Support