Privacy Policy

Last updated: February 5, 2026

1. Introduction

BetterVue, operated by Oliver Birringer ("we", "us", "scoped"), is committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Austrian Data Protection Act (Datenschutzgesetz – DSG), and the Austrian Telecommunications Act (Telekommunikationsgesetz – TKG 2021). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the scoped platform.

This policy applies to all users of the Service, including visitors to our website, registered account holders, and administrators of organizations using scoped.

Data Controller (Verantwortlicher)

BetterVue — Oliver Birringer

Sobieskigasse 25/24, 1090 Wien, Austria

UID: ATU79027438

E-Mail: privacy@scoped.earth

2. What Data We Collect

2.1 Account Data

When you register for an account, we collect:

  • Full name
  • Email address
  • Organization name and type (municipality, company, etc.)
  • Role within the organization
  • Password (stored in hashed form; we never store plaintext passwords)
  • Language preference

2.2 Emissions and Business Data

When you use the Service, you may upload or enter data including:

  • Greenhouse gas emission data (Scope 1, 2, and 3)
  • Energy consumption records
  • Supplier information and supply chain data
  • Reduction targets and action plans
  • Reporting documents and attachments

This data is considered "Your Data" and remains your property. We process it solely to provide the Service to you.

2.3 Usage Data

We automatically collect certain technical data when you use the Service:

  • IP address (anonymized for analytics)
  • Browser type and version
  • Operating system
  • Pages visited and features used
  • Session duration and interaction patterns
  • Referring URL

2.4 Cookies and Similar Technologies

We use cookies in accordance with TKG 2021 §165(3). Details on specific cookies, their purpose, and duration are outlined in our Cookie Policy.

3. Why We Collect Data (Purposes)

  • Providing the Service: Account creation, authentication, emission calculations, report generation, and data storage
  • Communication: Sending transactional emails (account verification, password reset, important updates)
  • Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance user experience (only with consent)
  • Security: Detecting and preventing unauthorized access, fraud, and abuse
  • Legal compliance: Meeting obligations under GDPR, DSG, and other applicable regulations
  • Support: Responding to your inquiries and providing technical assistance

4. Legal Basis for Processing (GDPR Art. 6 / DSG §1)

Processing ActivityLegal Basis
Account management and service deliveryContract performance (Art. 6(1)(b) GDPR)
Processing emissions dataContract performance (Art. 6(1)(b) GDPR)
Essential cookies and security measuresLegitimate interest (Art. 6(1)(f) GDPR / TKG §165(3))
Analytics and product improvement (PostHog)Consent (Art. 6(1)(a) GDPR / TKG §165(3))
Legal obligations and tax recordsLegal obligation (Art. 6(1)(c) GDPR / BAO §132)
Marketing communications (if opted in)Consent (Art. 6(1)(a) GDPR)

5. Analytics (PostHog)

We use PostHog for product analytics to understand how the Service is used and to improve it. PostHog is configured as follows:

  • Data is processed within the EU (eu.i.posthog.com)
  • IP addresses are anonymized
  • Analytics cookies are only set after explicit user consent via our cookie banner (TKG §165(3))
  • The "Do Not Track" browser signal is respected

You can opt out of analytics at any time by adjusting your cookie preferences or by enabling "Do Not Track" in your browser.

6. Who We Share Data With

We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients:

  • Infrastructure providers: Cloud hosting and database services (data stored within the EU)
  • Authentication providers: Firebase Authentication for secure login (Google LLC, with EU SCCs)
  • Analytics: PostHog for product analytics (EU data residency, only with consent)
  • Email service providers: For transactional emails (account verification, notifications)
  • Legal authorities: When required by law, court order, or to protect our legal rights

All third-party processors are bound by data processing agreements (Auftragsverarbeiterverträge) per Art. 28 GDPR.

7. International Data Transfers

We store and process data primarily within the EU/EEA. If any data transfer outside the EU is necessary (e.g., Firebase Authentication), we ensure adequate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs) per Art. 46(2)(c) GDPR
  • Adequacy decisions by the European Commission (Art. 45 GDPR)
  • EU-US Data Privacy Framework where applicable

8. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days after deletion
Emissions and business dataDuration of account + 30 days for export
Usage and analytics data26 months (anonymized after)
Server logs90 days
Invoicing and tax records7 years (BAO §132 — Austrian fiscal retention requirement)

9. How We Protect Your Data

  • Encryption in transit: All data is encrypted using TLS 1.2+
  • Encryption at rest: All stored data is encrypted using AES-256
  • Access controls: Role-based access within the application and strict internal access policies
  • Authentication security: Passwords are hashed using bcrypt; multi-factor authentication is supported
  • Regular backups: Automated encrypted backups with point-in-time recovery
  • Monitoring: Continuous monitoring for unauthorized access attempts
  • Incident response: Documented procedures with mandatory breach notification to the Austrian DPA within 72 hours (Art. 33 GDPR)

10. Your Rights (GDPR Art. 15–22 / DSG §1)

Under the GDPR and the Austrian Data Protection Act, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restriction (Art. 18): Request that we limit how we process your data
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@scoped.earth. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde): Datenschutzbehörde (dsb.gv.at).

11. Children's Privacy

The Service is not intended for individuals under the age of 14 (in accordance with DSG §4 Abs. 4, which sets the age of digital consent in Austria at 14). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 14, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes at least 30 days in advance via email or through the Service.

13. Contact

If you have questions about this Privacy Policy or how we handle your data:

Data Protection Contact (Datenschutzbeauftragter)

Oliver Birringer

Sobieskigasse 25/24, 1090 Wien, Austria

E-Mail: privacy@scoped.earth