Scout Data Privacy FAQ
Scout collects process & user interaction data to identify operational improvement opportunities for your organization.
Yes. A user’s email, location, role, team, department are collected. Email addresses are used as logins and for notifications. The location, role, team, and department are used as classifiers for data collected.
Personally Identifiable Information (PII) is scrubbed when collected.
Yes, data masking is used to replace PII data found during the scrubbing process.
Digital identities are managed through an integrated IAM service using 256-bit encryption or integration with the customer’s SSO system.
All data is transmitted from the Data Agent to the Scout Portal using HTTPS and TLS1.2
Data is temporarily stored on the user’s workstation, then transmitted to the Scout Portal where it stored on a PostgreSQL. Data is always stored using AES-256 encryption.
Data retention is configurable based on customers’ requirements.
Yes. Soroco Security Incident Management Procedure.
Yes, every time.
Yes, every time.
Yes. Soroco notifies customers if incidents occur.
Yes, to the extent not prohibited by applicable law.
After providing notification to clients authorized by relevant laws.
Yes, logs and resources are not shared between customers.
The customer controls who will have access to the data. Soroco users that are part of the engagement would get named access based on Scout’s Role-based access control. It encompasses Soroco Engineers, Soroco Customer Success team, and Soroco Business Analysts.
Access to customer’s data on Scout is restricted with named access to those privileged users that are part of the project.
All accesses to Scout environment is logged and audited.
Yes. As per the client’s requirement/project requirement SLA may differ.