Security / trust

Security

ScopeDue is built around a simple trust promise: client approvals, payment status history, uploaded proof, and handoff events should stay organized, controlled, and private by default. Approval links are designed for specific client workflows, not public browsing. Clients can review, approve, decline, ask questions, mark payment sent, or upload proof; the freelancer still controls final payment confirmation and release decisions.

Last reviewed: May 26, 2026 · Market: United States · Page purpose: Trust

View security approach Read privacy policy

Approval links are scoped

Client links are meant to show the relevant request, payment step, or proof event—not your full workspace.

Payment status needs confirmation

A client can say “I paid,” but only the freelancer confirms received payment inside the ledger.

Private records stay private

Dashboards, client-specific projects, and generated proof records should not be indexed as public SEO pages.

Plain-language note: this page explains ScopeDue’s security and privacy approach without claiming certifications, guarantees, or legal outcomes. ScopeDue helps freelancers create a clear business record of approvals, payments, and handoff events. It is not a substitute for legal, tax, or accounting advice.

Security approach

What ScopeDue protects

ScopeDue handles sensitive freelancer workflow records: original scope notes, priced change requests, client approval events, payment item history, uploaded proof, handoff status, and Proof Pack exports. The goal is to keep each record clear enough for business use while avoiding unnecessary exposure of private client or project details.

Approval trail

Each approval event should be tied to the specific project, request, client action, status change, and timestamped record that created it.

  • approve
  • decline
  • question
  • status history

Payment ledger

The payment ledger separates client-marked-paid from freelancer-confirmed-received so an approved but unpaid item is not treated as ready to work.

  • requested
  • pending confirmation
  • overdue
  • paid

Proof Pack records

Proof Packs are designed to summarize approvals, payment events, receipt references, notes, and handoff decisions for project closeout or recordkeeping.

  • timeline
  • proof
  • handoff
  • export
Approval links

How client approval link access works

A client approval link should be specific to one project, change request, payment item, source file release request, or handoff event. The client should see the information needed to make a decision, not the freelancer’s entire workspace. For live product use, access controls may include tokenized links, link expiration, revocation, and lightweight identity checks such as email magic link or Google sign-in.

Example approval link access model Client-specific

Client can see

  • What changed and why it is outside the original scope record.
  • The price, timeline impact, and payment requirement.
  • Approve, decline, or ask a question actions.
  • Payment instructions, if payment is required before work or handoff.
  • Upload proof or mark payment sent, if that step applies.

Client should not control

  • Final paid status, because the freelancer confirms received payment.
  • Freelancer pricing after the request is approved.
  • Private workspace settings, unrelated clients, or other projects.
  • Deleting payment history, approval history, or handoff events.
  • Public indexing of private project or proof records.

For a public, non-client-specific example, see the sample approval link.

Decision table

Security choices by workflow area

ScopeDue’s trust model is practical: reduce accidental exposure, keep records tied to events, and avoid pretending that a business record is the same thing as legal protection or automatic payment collection.

Area Security approach Why it matters
Client approval links Use scoped links for specific approval, payment, or handoff steps; allow revocation or expiration where supported. Clients get a simple page without exposing the whole workspace.
Payment status Record payment events instead of relying on one fragile paid/unpaid field. “Client marked paid” and “freelancer confirmed received” remain separate events.
Uploads and proof Attach relevant proof to the correct payment, approval, or handoff event; validate uploads and keep file records tied to the workspace. Receipts and proof stay connected to the event they support.
Private routes Keep app dashboards, private client pages, user-specific approval links, and generated proof records out of public indexing. Search engines should index public help and product pages, not private project records.
Proof Pack export Use deterministic sections such as scope, changes, payment history, uploads, handoff status, and export timestamp. Freelancers get a clear business record without overstating legal effect.
Support path Provide a clear contact route for suspected link exposure, upload mistakes, or account access questions. Users need a practical next step when something looks wrong.
Uploads and proof

How file uploads and payment proof should be handled

Use uploads for record support

Uploads should support a specific approval, payment, or handoff event. Examples include a payment receipt, confirmation screenshot, final handoff reference, or client-supplied proof that a payment was sent.

  1. Attach proof to the right item. A receipt belongs to the payment item it supports, not a random project note.
  2. Keep unnecessary details out. Do not upload documents that are not needed for the approval, payment, or proof record.
  3. Let the freelancer confirm receipt. Uploaded proof does not by itself mean the funds were received.

Do not use ScopeDue as a sensitive document vault

ScopeDue is for client change approvals, payment status history, handoff events, and proof records. It is not intended to store unnecessary sensitive documents, identity documents, medical records, payroll records, tax filings, or unrelated private files.

For privacy boundaries, review the Privacy Policy. For legal, tax, and accounting limits, review the Legal Disclaimer.

Private by default

Public pages and private records are different

ScopeDue publishes public pages such as the homepage, product feature pages, help docs, legal pages, and static samples. User-specific pages are different: private dashboards, client-specific approval links, generated proof records, and client project pages should not be treated as public SEO content.

Public and indexable examples

Private or noindex examples

  • App dashboard routes.
  • Client-specific project pages.
  • One-off approval links created for a client.
  • Generated Proof Packs for a real project.
  • Internal search, filters, and account-only views.
User controls

Controls freelancers should expect

Security is not only infrastructure. It also depends on clear workflow controls that help freelancers avoid accidental approval, payment, or handoff mistakes.

Link control

Approval links should be revocable, scoped to a specific record, and separate from the freelancer’s private workspace.

Payment control

The freelancer confirms received payment before a payment-required change becomes ready to start or a locked handoff is released.

Proof control

The freelancer decides what sections belong in a Proof Pack export, such as scope, approvals, payment events, receipts, and handoff status.

Operating principle: an approval record should make the next business step clearer without exposing unrelated clients, unrelated files, private dashboard data, or unsupported legal claims.

Responsible limits

What ScopeDue does not promise

Not a payment guarantee

ScopeDue can show payment requested, client marked paid, proof uploaded, freelancer confirmed received, overdue, disputed, waived, or refunded. It does not guarantee that a client will pay.

Not a payment processor

ScopeDue’s core workflow is payment status tracking and proof. It should not be described as automatically collecting payment unless a verified payment integration is added and documented.

Not a legal shield

A clear business record can reduce confusion, but it does not replace a contract, attorney, tax advisor, accountant, or formal dispute process.

No certification claims here

This page does not claim SOC 2, ISO 27001, HIPAA, PCI compliance, penetration testing, or uptime guarantees. Any future claims should be added only with verifiable support.

If something looks wrong

Practical steps for link or upload concerns

Security support path Actionable
  1. Stop sharing the link. If a client approval link may have been sent to the wrong person, avoid forwarding it again.
  2. Revoke or replace the link where available. Create a fresh approval link when the original access path should no longer be used.
  3. Review the payment ledger. Check whether a client marked paid, uploaded proof, or asked a question before you continue work.
  4. Check handoff status. Do not release final files or source files until the required payment is confirmed on your side.
  5. Contact support. Use the contact page for account access, upload, privacy, or link exposure questions.
Freelancer checklist

Before sending a client approval link

This checklist helps keep the record clean before a client reviews a priced change request, extra revision approval, source file release request, or final handoff condition.

  • Confirm the request title describes exactly what the client asked for.
  • Add the price, currency, and timeline impact before asking for approval.
  • Mark whether payment is required before work starts or before handoff.
  • Attach only files that are needed for the approval or payment proof record.
  • Check that the approval link is for the correct client and project.
  • Do not treat “client marked paid” as received until you confirm payment on your side.
  • Use the Proof Pack to preserve the approval, payment, and handoff timeline when the project closes.
FAQ

Security questions

Are ScopeDue approval links public pages?

No. Public pages such as samples and help articles can be indexed, but client-specific approval links, project pages, dashboards, and generated proof records should be private or noindex by default.

Can a client confirm that a payment is fully received?

No. A client can mark payment as sent and upload proof, but the freelancer must confirm that payment was received before the item becomes paid or a locked handoff is released.

Should freelancers upload sensitive documents to ScopeDue?

Freelancers should upload only the files needed to support an approval, payment event, handoff event, or Proof Pack. ScopeDue is not meant to store unnecessary sensitive documents.

Does ScopeDue replace legal, tax, or accounting advice?

No. ScopeDue helps create a clear business record of approvals, payment events, and handoff decisions. It is not a substitute for legal, tax, or accounting advice.

Does this page claim SOC 2, ISO 27001, or HIPAA certification?

No. This page does not claim SOC 2, ISO 27001, HIPAA, or similar certifications. If ScopeDue adds verifiable certifications later, this page should be updated with the details.

Create a clear record before the work continues.

Use ScopeDue to send a priced approval link, track whether payment is required, let the client mark payment sent, confirm receipt yourself, and keep a Proof Pack record of what happened.

View security approach View sample approval link
Related trust pages

Read next

Security, privacy, legal limits, and support should work together. These pages explain the surrounding trust boundaries for ScopeDue.

Privacy Policy Terms of Service Legal Disclaimer Help Center Contact Status

Related workflow links

Use these supporting pages to move from the current topic into the next approval, payment, proof, or handoff step.