Privacy Policy

1. Who We Are

SCOVR is a privacy-first communication platform. The data controller is:

Contact details are at the bottom of this page.

2. What We Collect and Why

We collect only what you voluntarily give us to make the service work. Nothing is inferred, observed, or derived behind your back.

• Waitlist: your first name and email address, so we can send you one launch notification when SCOVR opens.
• Account: your name, email, and a hashed (irreversible) password, so you can sign in securely.
• Messages and files: the content you send through the platform, encrypted end-to-end. We cannot read it.

That is the entire list. There is no hidden collection.

3. What We Do Not Collect

Most companies collect the following as a matter of course. We do not.

There are no third-party analytics or advertising scripts on any SCOVR page.

4. Cookies

We use cookies for exactly one purpose: keeping you signed in.

• Session cookie: identifies your authenticated session. Deleted when you sign out or close your browser.
• CSRF token: a security token that prevents cross-site request forgery. Required for the platform to function safely.

There are no analytics cookies, no advertising cookies, and no third-party cookies of any kind. You will never see a cookie consent banner on SCOVR because there is nothing to consent to beyond what is strictly necessary.

5. How We Use Your Data

The data you provide is used solely for the purpose you gave it for:

• Waitlist email → one launch notification, then nothing unless you ask.
• Account credentials → signing you in and keeping your account secure.
• Messages and files → delivering them to the intended recipient. We never read them.

We do not use your data for marketing, product research, or any purpose other than operating the service you signed up for.

6. Who We Share Data With

Nobody, commercially. We do not sell, rent, license, or trade personal data to any third party under any circumstances.

The only limited exceptions:

• Infrastructure providers: hosting providers that store and transmit your data solely on our behalf, under strict data processing agreements. They may not use your data for their own purposes.
• Legal obligation: if a court or regulatory authority requires disclosure, we will comply with the minimum necessary and notify you unless prohibited by law.
• Saudi Arabia — lawful intercept (metadata only): under the Saudi Telecommunications Act and applicable Saudi law, SCOVR may be required to disclose connection metadata to Saudi authorities. This means sender and recipient identifiers, timestamps, and connection duration. It does not mean message or file content — that is end-to-end encrypted and we cannot access or disclose it under any circumstances.

7. Retention

We keep data only for as long as it serves the purpose you gave it for:

• Waitlist: deleted within 30 days of launch, or immediately on your request.
• Account: held for the life of your account. Deleted within 30 days of closure.
• Messages and files: retained per your account settings and deleted immediately when your account closes.

8. Where Your Data Lives

Your data is stored in the region where you use SCOVR. It does not move between regions.

• Saudi Arabia: data of users in the Kingdom of Saudi Arabia is hosted on servers located within Saudi Arabia.
• Europe and elsewhere: data of users in Europe and other regions is hosted on servers within the EU/EEA.

We do not transfer Saudi resident data to European servers, and we do not transfer European resident data to Saudi servers.

9. Security

All data in transit is protected by TLS 1.3. All data at rest is encrypted with AES-256. Passwords are hashed using a modern one-way function; we cannot recover your password, and neither can anyone else.

Messages are encrypted end-to-end. SCOVR infrastructure has no access to the content of your conversations.

We run our own mail infrastructure on-premise. Your email address is never handed to a US-based email delivery service.

10. Your Rights

Under GDPR you have the following rights. To exercise any of them, please use the contact form at the bottom of this page. We will respond within 30 days.

11. Children

SCOVR is not directed at anyone under 16. If you believe a child has registered, please use the contact form below and we will delete the account immediately.

12. Language Versions

This policy is available in English. An Arabic version is provided for users in Saudi Arabia. Where there is any conflict between the English and Arabic versions, the English version prevails.

13. Changes to This Policy

If we ever change this policy in a way that affects your rights or expands what we collect, we will email you at least 14 days in advance. The effective date at the top of this page will be updated. We will not retroactively apply new terms to data collected under prior terms.

14. Contact

Questions about this Privacy Policy or a data subject request? Use the form below and our privacy team will get back to you within 30 days.