Scope← Back to home

Cookie Policy

Last updated: 26 May 2026

1. What are cookies?

Cookies are small text files stored in your browser when you visit a website. We also use localStorage — a similar browser storage mechanism that persists between sessions but is never transmitted to our servers automatically.

2. What we use and why

Scope uses the absolute minimum required to run the service securely. We have no advertising cookies, no tracking pixels, and no third-party analytics scripts on the frontend.

Strictly necessary (no consent required)

scope_refreshHTTP CookieExpires: 7 days

Stores your encrypted refresh token so you stay logged in between browser sessions. Set HttpOnly (JavaScript cannot read it), Secure (HTTPS only), SameSite=Strict (not sent cross-site). Without this cookie the Service cannot function.

Stored: Browser (sent to /v1/auth only)

Preference (requires consent)

scope-accentlocalStorageExpires: Until browser data is cleared

Remembers your chosen dashboard accent colour (e.g. Cyan, Emerald, Purple). Purely cosmetic. Removed if you withdraw consent.

Stored: Browser only — never sent to server

scope_consentlocalStorageExpires: 12 months

Records your cookie consent choice and the policy version you accepted. Required to avoid showing the consent banner on every visit.

Stored: Browser only — never sent to server

3. Third-party cookies

The Scope application itself sets no third-party cookies. However, when you click "Upgrade plan" you are redirected to Stripe Checkout — a separate Stripe-hosted page. Stripe may set its own cookies on their domain for fraud prevention and payment processing. These are governed by the Stripe Privacy Policy.

4. Your choices

You can control cookies and localStorage in several ways:

  • Consent banner: When you first visit the site, a banner gives you the choice between "Essential only" and "Accept all". Both options are equal in size and prominence as required by GDPR.
  • Withdraw at any time: Click Manage cookies in the footer of any page. This clears your consent record and all preference storage, then refreshes the page so the banner reappears.
  • Browser settings: You can clear all cookies and localStorage via your browser settings. Note: clearing the scope_refresh cookie will log you out.
  • Incognito / private browsing: localStorage is automatically cleared when the private window is closed.

5. Legal basis

The scope_refresh cookie is strictly necessary for the performance of our contract with you (GDPR Art. 6(1)(b)) and does not require separate consent.

The preference localStorage entries (scope-accent, scope_consent) are processed on the basis of your freely given, specific, informed, and unambiguous consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time as described in section 4.

6. Changes to this policy

If we add new cookies or change how existing ones are used, we will update this page, increment the policy version, and prompt existing users to review their consent choices.

Questions? Email privacy@scopemc.net

Full data processing details: Privacy Policy

Supervisory authority: Datatilsynet