Security at Scoop
Thousands of people trust Scoop with their employee and workplace data
Scoop for Hybrid Work
Scoop partners with businesses to help them operate a hybrid remote and in-office workforce while maximizing safety, productivity, and engagement. Scoop's platform includes mobile apps and desktop extensions for employees and a web-based dashboard for customer admins. Read on to learn more about our data security and architecture.
SOC 2 & CCPA compliance
Scoop is SOC-2 Type II certified and CCPA compliant. All user account information is available for download or deletion upon request.
GDPR
Scoop utilizes enterprise-grade best practices to protect our customers' personal identifiable information, and uses Drata to verify its security, privacy, and GDPR compliance controls and requirements.
Data collection and communication
All data provided by employees or administrators via the Scoop mobile apps, desktop extensions, and Dashboard is encrypted in transit between the public internet and Scoop's networks in AWS (TLS 1.2). Data is also encrypted at rest using AWS-managed keys. User passwords are encrypted (salted and hashed) using modern encryption libraries, and multi-factor authentication is required for every account. Data submitted by clients is heavily validated for correctness, and system logs strive to never include sensitive information.
Download Scoop’s data processing agreement here
Network and system security
Scoop follows networking best practices, and follows the principle of least privilege when it comes to firewall rules. We rely on code-managed configuration of AWS’ Virtual Private Cloud. We encrypt traffic in transit, and don’t grant any special privileges to our office network.
Relying on sophisticated 3rd-party services, Scoop logs and monitors infrastructure events, application events, and access. This enables historic audit logging as well as providing threshold and rate alerting to indicate both performance and security events.
Service reliability and durability
Scoop uses Amazon Web Services to host the majority of its cloud infrastructure, including its databases and API servers. Scoop uses AWS-provided backup systems which are heavily tested and reliable. We do not store data in systems not managed by AWS.
Admin access controls
Scoop Dashboard access is restricted to administrators that are designated by a Scoop customer. All administrator accounts must be authenticated and access records are logged.
Data access controls
The Scoop team seeks to restrict access to all user information to only those on the team who require it in order to help provide the Scoop service.
Data guidelines, team protocols, and monitoring are evaluated in concert with Scoop’s legal counsel and maintained to the best of our knowledge.
Security datasheet
To learn more about our privacy and security practices, download our security datasheet.
