ScopeGrid

Security

Security Policy

ScopeGrid is engineered for organizations where security, compliance, and data governance are non-negotiable. Here's how we protect your most sensitive business data.

Last updated: january 1, 2026

SOC 2 Type II

Ready Architecture

GDPR

Compliant

ISO 27001

Aligned Controls

HIPAA

Configurable

Data Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.2+ for all data in transit
  • Database-level field encryption for sensitive fields
  • Encrypted backup storage with separate key management

Authentication & Access

  • Single Sign-On (SSO) via SAML 2.0 and OIDC
  • Multi-factor authentication (TOTP, SMS, hardware keys)
  • Role-Based Access Control (RBAC) enforced at API level
  • Session management with configurable expiry and IP binding

Audit & Monitoring

  • Immutable, tamper-evident audit logs for all platform actions
  • Real-time security event monitoring and alerting
  • User activity dashboards for Organization Administrators
  • Log retention for minimum 12 months (Enterprise: configurable)

Infrastructure Security

  • SOC 2 Type II certified infrastructure providers
  • Multi-region redundancy and automatic failover
  • Daily encrypted backups with 30-day point-in-time recovery
  • Network segmentation and private VPC architecture

Network & Application Security

  • Web Application Firewall (WAF) on all public endpoints
  • DDoS protection and rate limiting
  • IP allowlisting for organization-wide access control
  • Automated vulnerability scanning on every deployment

Incident Response

  • 24/7 security operations monitoring
  • Defined incident response playbooks
  • Customer notification within 72 hours of confirmed breach
  • Post-incident reports provided to affected Enterprise customers

Responsible Disclosure Program

We believe in the security research community and operate a responsible disclosure program. If you discover a potential security vulnerability in our platform, we encourage you to report it to us privately so we can address it promptly.

Please report security vulnerabilities to: security@scopegrid.io. Include a detailed description of the vulnerability, steps to reproduce, and any proof-of-concept if available. We will acknowledge receipt within 24 hours and provide a resolution timeline within 72 hours.

Employee Security

All ScopeGrid employees undergo background checks, complete mandatory security awareness training upon hire and annually, operate on a least-privilege access model, are prohibited from accessing customer data except for verified support purposes with customer consent, and are subject to strict confidentiality agreements. We maintain a zero-tolerance policy for unauthorized data access.