Scowtt Logo

Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Trust built for privacy-first growth. Scowtt helps enterprise teams activate first-party CRM engagement and GA4 web analytics for predictive growth while keeping customer data purpose-limited, tenant-separated, and customer-controlled. Customer data is not sold, pooled, co-mingled, or used to train models for other organizations.

Documents

DOCUMENTSPenTestReport2025

Product Security

Security is built into the Scowtt platform through tenant isolation, role-based access, encryption, and continuous monitoring, with each customer processed in a dedicated GCP project.

Reports

SOC 2 report, penetration test summary, data-flow overview, and security questionnaire responses are available under NDA. Contact Security to request the enterprise security packet.

Self-Assessments

Scowtt supports enterprise security reviews through its Trust Center, offering the SOC 2 Type II report, pen test summary, and questionnaire responses under NDA.

Data Security

Customer data is encrypted with AES-256 at rest using AWS KMS or GCP Cloud KMS, and TLS 1.2 minimum in transit with TLS 1.3 prioritized.

App Security

Scowtt undergoes annual third-party external penetration testing. An executive summary is available under NDA.

Legal

Scowtt supports enterprise legal review with a Data Processing Addendum and subprocessor list available on request. Security and compliance materials, including SOC 2 and pen test documentation, are available under NDA.

Data Privacy

Scowtt uses customer-approved data only for that customer, never sells or pools it, and sends ad platforms only click IDs, predicted values, and hashed identifiers.

Infrastructure

Each client runs in a dedicated, isolated GCP project, so cross-tenant data access is not possible through normal operations. Subprocessors are limited to Google Cloud Platform, AWS, and Descope for token management, all reviewed for security and compliance.

Endpoint Security

Scowtt secures company-managed endpoints through centralized device management, encryption, screen-lock policies, and the ability to remote-wipe lost or compromised devices.

Network Security

Scowtt runs cloud-native infrastructure on AWS and GCP with logically separated environments and dedicated GCP projects for tenant isolation.

Corporate Security

Scowtt maintains a documented corporate security program covering personnel security, access control, and vendor management, reinforced through mandatory training.

Policies

Scowtt maintains a documented security policy framework covering access control, encryption, incident response, and business continuity, reviewed at least annually.

Incident Response

Scowtt targets notification within 72 hours of a confirmed reportable breach, followed by a post-incident review.

Risk Management

Scowtt's risk management program identifies, assesses, and monitors risks to customer data and platform security through vendor and vulnerability reviews.

Asset Management

Scowtt tracks technology assets across cloud resources, endpoints, and SaaS applications, with ownership assigned and inventories reviewed regularly.

BC/DR

Scowtt maintains business continuity and disaster recovery procedures using automated backups and point-in-time snapshots, with restoration tested at least annually.

Training

Scowtt personnel complete security awareness training upon hire and annually, covering phishing awareness, data handling, and incident reporting.

Change Management

Scowtt reviews, tests, and approves all production changes through version-controlled workflows with peer review and vulnerability scanning before deployment.

Physical & Environment

Scowtt does not operate physical data centers; production infrastructure runs on AWS and GCP under the shared responsibility model.

Continuous Monitoring

Scowtt monitors production systems, security events, and vulnerability findings continuously, with alerts triaged and escalated per incident response procedures.

Knowledge Base (FAQ)
  • Can Scowtt complete our security questionnaire?
  • What materials are available under NDA?
  • Do you perform penetration testing?
  • How is data encrypted?
  • How is production access controlled?
View more
Built onSafeBase by Drata Logo