SECURITY / ACCESS CONTROLS

Internal tooling built to stay internal

Scope Out is accessible only to explicitly approved team members. There is no public sign-up, no discovery surface, and no path in for uninvited users. Here is exactly what controls that.

ACCESS GATE / AUTH-01

Two names on the list. Everyone else is turned away.

Sign-in is gated by a hardcoded email allowlist. Any authentication attempt from an address that isn't on the list is rejected at the server — not just hidden in the UI — with a clear 'access restricted' response. There is no public sign-up route, no invitation-request flow, and no way to enumerate accounts. The allowlist is the primary and only key.

  • Server-side allowlist check on every authentication attempt

  • Rejected attempts receive an explicit 'access restricted' message

  • No public sign-up — the root URL redirects straight to sign-in

  • Middleware enforces the redirect on every request before any page renders

Crawl dashboard — visible only after authenticated access

CONTROLS / ACTIVE

What the platform actually enforces

Allowlist authentication

Authentication is checked against a hardcoded approved-email list on every sign-in. No match — no access, regardless of password correctness.

Redirect-first routing

Authenticated users land on the dashboard. Unauthenticated requests are redirected to sign-in before any application data is exposed. Middleware handles this on every route.

No public discovery surface

There is no marketing funnel, no landing page, and no sign-up form. The product cannot be found or trialled by anyone outside the approved list.

DATA HANDLING / CRAWL-02

Crawlers that know their limits

Every web crawl Scope Out performs operates within a compliance layer: it reads and respects robots.txt before touching any domain, identifies itself with a declared user-agent, defaults to a 1 request/second rate limit, and backs off exponentially on 429 or 503 responses. Blocked domains are logged to the crawl record — not silently skipped.

  • robots.txt parsed and honoured before every crawl begins

  • Declared user-agent on all requests — no impersonation

  • Configurable per-domain rate limits (default: 1 req/sec)

  • Exponential back-off on rate-limit and server-error responses

  • Blocked domains logged with status code and reason to the crawl run record

Background jobs panel showing crawl pipeline status

DATA RETENTION / POLICY-03

Scraped data doesn't live forever

Raw scrape data has a configurable retention period (default: 90 days), after which it is purged. A minimum re-scrape interval (default: 7 days) prevents redundant re-collection. These are not UI labels — they are enforced in the background job layer via a last_scraped_at guard before any scrape job runs.

90-day default retention

Raw scraped product data is purged after 90 days by default. Admins can adjust the window in settings.

7-day re-scrape guard

A last_scraped_at check prevents redundant data collection within the minimum interval — enforced at the job layer, not just the UI.

Structured data model

All collected data is stored in typed, indexed Drizzle schema tables with clear separation between raw scrapes, scores, and generated dossiers.

AUTH-GATESign-in attempt rejected — email not on allowlistnow
CRAWL-WORKERrobots.txt fetched and parsed before crawl start — domain permitted0.2s
RATE-LIMITERRequest throttled to 1 req/sec — back-off applied on 4291.1s
RETENTION-JOBRaw scrape data purge triggered — records older than 90 days removed03:00
MIDDLEWAREUnauthenticated request to /dashboard — redirected to /sign-innow
SCRAPE-GUARDRe-scrape blocked — last_scraped_at within 7-day minimum interval5.3s
AUTH-GATEAllowlist check passed — session issued for approved usernow

OBSERVABILITY / OPS-04

Every crawl is a logged, auditable record

Crawl history tracks every run: which directory URL was crawled, when it ran, how many products were discovered and scored, how long it took, and whether it completed, failed, or ran partially. Scrape failures surface the actual error — status code, message, robots.txt block — not a silent gap in the data.

  • Full crawl history with timestamp, URL, product counts and status

  • Scrape errors show status code, error message and block reason

  • Failed products surfaced in dashboard with retry option

  • AI cost tracked per crawl run with configurable spend alerts

  • Dossier version history records every re-score — changes are traceable

Jobs dashboard showing background task status and history

HONEST LIMITS / TRUST-05

What we can say and what we can't

Scope Out is an internal intelligence tool, not a regulated data processor or enterprise SaaS product. The controls that exist are real and enforced. We do not claim SOC 2, ISO 27001, GDPR certification, or any third-party audit we haven't completed. If your team needs specifics not described here, email us at sf-core-org-support-agentos-scope-out@saas-factory.ai and we will give you a straight answer.

FAQ / SECURITY

Common questions

ACCESS RESTRICTED — BY DESIGN

Questions about access or data handling?

Scope Out is built for a small, known team. If something about the controls above isn't clear, reach out directly at sf-core-org-support-agentos-scope-out@saas-factory.ai. We will give you a plain answer, not a sales pitch.