Setting the Gold Standard in Privacy

We understand that you are entrusting us with one of your most valuable assets – your data. At Soroco, we strive to earn and keep your trust. Over the years, we have invested heavily in embedding data privacy & security as the core fundamentals of our Task Mining platform Scout.

Privacy Page Banner image

A sound foundation is the only way ahead

The Scout approach to privacy is grounded in a commitment to enable organizations to build a sound and ethical foundation for Task Mining journey. We have evolved 4 principles that we believe are necessary.

Principle 1: Opt-in

You own and control your data

The Scout approach to privacy and data protection is grounded in commitment to the principle of voluntary and visible contribution of data to our algorithms.  Everything we do is “opt-in” for the end-user. When you install Scout, there is nothing that gets captured without your knowledge and consent. Scout is transparent in enabling every user to see the apps and URLs being accessed, and to pause at will.

Principle 1: Opt-in
Icon 1 1

By default, Scout collects nothing. You have to actively specify the data collection touch-points such as applications and specific URLs (allow list) a user interacts with

Icon 2

You can stop/pause Scout on your machine at any time

Icon 3

You can access insights on your own data at any time and for any reason

Icon 4

At any given time, users can request to be forgotten and have any links to personally identifiable information removed.

Icon 5

If you discontinue the service, Soroco follows strict standards for removing your data

Principle 2: Teams

It’s all about teams, and not about individuals

Scout is a shared repository of people’s anonymized experiences at work. In order to build this community, Scout is committed to protecting the dignity, and the privacy of each contributing user. Therefore, all the insights available on the Scout portal focus on teams and not individuals

Principle 2
Icon 1

User IDs are anonymized in memory, at the point of collection. There is no way to know an individual’s name, login ID or email address through the Scout portal

Icon 1 3

Data collected by Scout is immediately encrypted and is sent to the Scout Portal in batches inside an encrypted communications channel

Icon 3

When received by the Scout Portal, data is unencrypted, processed and stored with server encryption keys

Principle 3: PII

Most advanced built-in Privacy Filters

Fortune 500 customers in regulated and sensitive sectors have deployed Scout on their most important teams and business processes. Scout has a continual focus on the proper handling of sensitive data to meet internal and regulatory requirements of our customers and users. It’s a state-of-the-art solution with focus to protect PII thus reducing and eliminating risks related to data breach.

 

Principle 3
Icon 1 3

Standard sensitive information collected is immediately scrubbed at the OS level, at the point of data collection itself – and it never actually gets inside the Scout server

Icon 2

Scout does not use computer vision / OCR as a primary data collection method

Icon 3

No additional privacy gateway is sought by Scout to deliver PII filters. PII filters are built into the data platform from point of data collection onwards

Icon 1 3

Custom regular expressions can be created to further expand the scrubbing criteria at the server

Icon 5 1

Scout supports additional granular PII filters through its SODA API interface

Scout provides the ability to define additional custom scrubbing criteria as needed using supported methods

How do we use personal information?

GDPR has 4 separate areas they call out for a privacy statement:

What data do we collect

How do we collect the data

How the data will be used

How the data is stored

Based on their recommendation the personal information we collect is user email addresses, location, roles, and team. All of this data is entered by the customer manager. The email address is used by Scout to allow individuals to login in to provide notifications, the rest of the information is used to aggregate data for use in the Scout Portal. All data is encrypted as it is stored.

On what basis is the collection and processing of data done

We may process your personal data only after receiving specific consent as we understand the nature and sensitivities around personal data. Besides, all collection and processing of personal data are done when there is a reasonable necessity to achieve a legitimate business interest.

We would also process data of personal nature in order to fulfill contractual obligations.  

 

Principle 4: Hosting Flexibility

Additional layer of control on data at rest

Scout gives you control over where you want to host Scout – either on Soroco’s or on your AWS/Azure cloud instance. If our customers were to host, this means they have complete control over the Scout data at rest – and continue to rely on their own organization’s security and firewall practices. If you would like us to host, Soroco deploys combinations of preventive, defensive, and reactive controls to help protect against unauthorized activities and access.

Principle 4
Icon 1 4

Scout cloud install is GDPR compliant

Icon 2 3

Scout can be hosted by Soroco at no extra cost to you

Icon 3

Scout can be hosted in the legal jurisdiction of your choosing

Soroco deploys combinations of preventive, defensive, and reactive controls to help protect against unauthorized activties. Data is stored on a secured cloud or in a legal jurisdiction of the clients’ choosing

Certifications

icon