Scout Data Privacy FAQ

Scout collects process & user interaction data to identify operational improvement opportunities for your organization​.

Yes. A user’s email, location, role, team, department are collected.  Email addresses are used as logins and for notifications.  The location, role, team, and department are used as classifiers for data collected.

Personally Identifiable Information (PII) is scrubbed when collected.

 Yes, data masking is used to replace PII data found during the scrubbing process.​

Digital identities are managed through an integrated IAM service using 256-bit encryption or integration with the customer’s SSO system. ​

All data is transmitted from the Data Agent to the Scout Portal using HTTPS and TLS1.2

Data is temporarily stored on the user’s workstation, then transmitted to the Scout Portal where it stored on a PostgreSQL. Data is always stored using AES-256 encryption.​

Data retention is configurable based on customers’ requirements.

Yes.  Soroco Security Incident Management Procedure.

After providing notification to clients authorized by relevant laws. ​

The customer controls who will have access to the data. Soroco users that are part of the engagement would get named access based on Scout’s Role-based access control. It encompasses Soroco Engineers, Soroco Customer Success team, and Soroco Business Analysts.​

Access to customer’s data on Scout is restricted with named access to those privileged users that are part of the project​.

All accesses to Scout environment is logged and audited.​