Trust built for privacy-first growth. Scowtt helps enterprise teams activate first-party CRM engagement and GA4 web analytics for predictive growth while keeping customer data purpose-limited, tenant-separated, and customer-controlled. Customer data is not sold, pooled, co-mingled, or used to train models for other organizations.
Product Security
Security is built into the Scowtt platform through tenant isolation, role-based access, encryption, and continuous monitoring, with each customer processed in a dedicated GCP project.
Reports
SOC 2 report, penetration test summary, data-flow overview, and security questionnaire responses are available under NDA. Contact Security to request the enterprise security packet.
Self-Assessments
Scowtt supports enterprise security reviews through its Trust Center, offering the SOC 2 Type II report, pen test summary, and questionnaire responses under NDA.
Data Security
Customer data is encrypted with AES-256 at rest using AWS KMS or GCP Cloud KMS, and TLS 1.2 minimum in transit with TLS 1.3 prioritized.
App Security
Scowtt undergoes annual third-party external penetration testing. An executive summary is available under NDA.
Legal
Scowtt supports enterprise legal review with a Data Processing Addendum and subprocessor list available on request. Security and compliance materials, including SOC 2 and pen test documentation, are available under NDA.
Data Privacy
Scowtt uses customer-approved data only for that customer, never sells or pools it, and sends ad platforms only click IDs, predicted values, and hashed identifiers.
Infrastructure
Each client runs in a dedicated, isolated GCP project, so cross-tenant data access is not possible through normal operations. Subprocessors are limited to Google Cloud Platform, AWS, and Descope for token management, all reviewed for security and compliance.
Endpoint Security
Scowtt secures company-managed endpoints through centralized device management, encryption, screen-lock policies, and the ability to remote-wipe lost or compromised devices.
Network Security
Scowtt runs cloud-native infrastructure on AWS and GCP with logically separated environments and dedicated GCP projects for tenant isolation.
Corporate Security
Scowtt maintains a documented corporate security program covering personnel security, access control, and vendor management, reinforced through mandatory training.
Policies
Scowtt maintains a documented security policy framework covering access control, encryption, incident response, and business continuity, reviewed at least annually.
Incident Response
Scowtt targets notification within 72 hours of a confirmed reportable breach, followed by a post-incident review.
Risk Management
Scowtt's risk management program identifies, assesses, and monitors risks to customer data and platform security through vendor and vulnerability reviews.
Asset Management
Scowtt tracks technology assets across cloud resources, endpoints, and SaaS applications, with ownership assigned and inventories reviewed regularly.
BC/DR
Scowtt maintains business continuity and disaster recovery procedures using automated backups and point-in-time snapshots, with restoration tested at least annually.
Training
Scowtt personnel complete security awareness training upon hire and annually, covering phishing awareness, data handling, and incident reporting.
Change Management
Scowtt reviews, tests, and approves all production changes through version-controlled workflows with peer review and vulnerability scanning before deployment.
Physical & Environment
Scowtt does not operate physical data centers; production infrastructure runs on AWS and GCP under the shared responsibility model.
Continuous Monitoring
Scowtt monitors production systems, security events, and vulnerability findings continuously, with alerts triaged and escalated per incident response procedures.
- Can Scowtt complete our security questionnaire?
- What materials are available under NDA?
- Do you perform penetration testing?
- How is data encrypted?
- How is production access controlled?

