Security checks are baked into our software development lifecycle and secure baselines are automatically enforced.
Security checks are baked into our software development lifecycle and secure baselines are automatically enforced.
Secure development lifecycle.
All development projects at Scoop follow secure development lifecycle principles.
AppSec Testing
We perform static and dynamic software application security testing of all code, including open source libraries, as part of our software development process.
Role-Based-Access-Control
We implement role-based access controls and the principles of least privileged access, and revoke access as needed.
Penetration testing
Scoop deploys third party penetration testing and vulnerability scanning of all production and internet facing systems on a regular basis.
Cloud Security
Scoop leverages native physical and network security features of the cloud, enabling providers to maintain the physical access policies and procedures.
Is Scoop SOC2 Compliant?
Yes, Scoop is SOC2 Type II and SOC3 compliant. To access our reports contact security@takescoop.com
Is your data encrypted?
Data is encrypted in transit between the public internet and Scoop's networks in AWS (TLS 1.2). Data is also encrypted at rest using AWS-managed keys. User passwords are encrypted (salted and hashed) using modern encryption libraries, and multi-factor authentication is required for every account. Data submitted by clients is heavily validated for correctness, and system logs strive to never include sensitive information
What data do you store?
For full information on the data Scoop collects, how we use it and how we protect your privacy please see our privacy policy.
Is Scoop GDPR Compliant?
Yes, Scoop is GDPR compliant, however we currently only support data residency in the United States. Download Scoop's data processing agreement here.
Where can I find the list of Data Subprocessors?
You can navigate to to see the most recent list of data sub processors at Scoop Sub Processors.
Can you provide a pen test report?
The latest penetration test report can be provided to customers by emailing security@takescoop.com.
How can I report Security issues?
We review security issues as soon as possible and you can report them by emailing security@takescoop.com.
An automation-led approach allows us to confidently prove our security and compliance posture any day of the year and fosters a culture of compliance.