Scoot Security and Privacy

Your customer insights and data are safe with Scoot. We employ enterprise-grade security measures and technology to protect your virtual meetings, conversations, and data. Scoot is built with security and privacy at its core, ensuring that your business-critical information remains protected at all times.

Enterprise-Grade Security

Scoot is an enterprise-grade platform that is reliable, secure, and scalable. We prioritize security and trust in everything we do, from our platform architecture to our operational practices.

Our Security Commitment

We are extremely focused on guaranteeing that your data remains secure through:
  • Data Encryption: All data is encrypted in transit and at rest
  • Secure Applications: Rigorous application security practices
  • Continuous Monitoring: Keeping a keen eye on everything 24/7
  • Infrastructure Partnership: We partner with Amazon Web Services (AWS) to handle physical facilities, hardware, networking, and virtualization platform security

Compliance and Certifications

SOC 2 Type II Certified

Scoot is SOC 2 Type II certified, demonstrating our commitment to the highest security standards.
What This Means:
  • We’re certified by independent security experts
  • Confirms that we follow security best practices for keeping your data safe
  • Regular audits of our security controls and procedures
  • Validated operational effectiveness over time
  • Trust Services Criteria compliance (Security, Availability, Confidentiality)
Why It Matters:
  • Provides third-party validation of our security posture
  • Meets enterprise procurement requirements
  • Demonstrates ongoing commitment to security
  • Ensures consistent security practices across the organization

GDPR Compliance

Scoot is fully compliant with the General Data Protection Regulation (GDPR), the European Union’s comprehensive data privacy law.
Our GDPR Approach:
  • Privacy by Design: We meticulously designed and architected our software to pass the most stringent privacy and security standards
  • Data Protection: Robust controls for protecting personal data
  • User Rights: Support for data subject rights (access, deletion, portability)
  • Data Minimization: We only collect and process necessary data
  • Transparency: Clear communication about data usage
  • Consent Management: Proper consent mechanisms for data processing
User Rights Under GDPR:
  • Right to access your data
  • Right to correct inaccurate data
  • Right to delete your data
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

CCPA Compliance

Scoot complies with the California Consumer Privacy Act (CCPA), protecting the privacy rights of California residents.
CCPA Protections:
  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access personal information
  • Right to equal service and price
  • Right to deletion of personal information

Security Testing and Validation

Periodic Penetration Testing

We regularly conduct penetration testing to ensure the security of our platform.
Testing Approach:
  • Regular Schedule: Periodic testing to identify vulnerabilities
  • Expert Testing: Conducted by qualified security professionals
  • Proactive Security: Find and fix vulnerabilities before they can be exploited
  • Continuous Improvement: Use findings to strengthen security
  • Comprehensive Scope: Tests cover applications, infrastructure, and network security
Benefits:
  • Identifies security weaknesses before attackers do
  • Validates effectiveness of security controls
  • Provides assurance to enterprise customers
  • Demonstrates commitment to proactive security

Security Monitoring

Scoot maintains continuous security monitoring:
  • Real-time threat detection
  • Automated security alerts
  • Log analysis and correlation
  • Incident response procedures
  • Security event tracking
  • Anomaly detection

Data Security Measures

Encryption

Data in Transit:
  • All data transmitted between users and Scoot servers is encrypted
  • TLS/SSL protocols for secure communication
  • Encrypted API connections
  • Secure WebRTC for audio and video streams
Data at Rest:
  • All stored data is encrypted
  • Encryption of databases and file storage
  • Protected backup systems
  • Secure key management

Access Controls

User Access:
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) support
  • Single Sign-On (SSO) integration
  • Granular permission settings
  • Session management and timeouts
Administrative Access:
  • Least privilege principle
  • Segregation of duties
  • Audit logging of administrative actions
  • Secure authentication for administrative access

Database Security

  • Database redundancy across multiple geographical regions
  • Automated backups
  • Encrypted database connections
  • Secure database configuration
  • Regular security patching

Infrastructure Security

AWS Partnership

Scoot partners with Amazon Web Services (AWS) to provide world-class infrastructure security.
AWS Provides:
  • Physical Security: Secure data center facilities
  • Hardware Security: Certified hardware infrastructure
  • Network Security: DDoS protection and network isolation
  • Virtualization Security: Secure virtualization platform
  • Compliance: AWS compliance certifications support Scoot’s compliance posture
Benefits of AWS:
  • Industry-leading security infrastructure
  • Global availability and redundancy
  • Proven track record with enterprise customers
  • Regular security updates and patches
  • Advanced threat detection and mitigation

Network Security

  • Firewall protection
  • Intrusion detection and prevention systems
  • DDoS mitigation
  • Network segmentation
  • Virtual Private Cloud (VPC) architecture
  • Traffic monitoring and analysis

Application Security

Secure Development Practices

Scoot follows secure software development lifecycle (SDLC) practices:
  • Security by Design: Security considered from the beginning
  • Code Reviews: Regular security-focused code reviews
  • Static Analysis: Automated code security scanning
  • Dynamic Testing: Runtime security testing
  • Dependency Management: Regular updates of third-party libraries
  • Vulnerability Remediation: Prompt fixing of identified issues

Application-Level Security

  • Input validation and sanitization
  • Protection against common vulnerabilities (OWASP Top 10)
  • Secure session management
  • Cross-Site Scripting (XSS) prevention
  • Cross-Site Request Forgery (CSRF) protection
  • SQL injection prevention
  • Secure API design

Privacy Controls

Recording in Scoot works with clear user consent and visibility.
User Protection:
  • Users are informed when a meeting is being recorded
  • Visual recording indicators displayed in the interface
  • Hosts have full control over recording capabilities
  • Nothing is recorded unless the host initiates recording
  • Same standards as legacy meeting platforms

Data Collection Options

Scoot provides flexible data collection controls.
Your Data, Your Choice:
  • Anonymization: Data can be fully anonymized
  • Smart Badge Association: Associate data with imported Smart Badge information (title, department, tenure)
  • Custom Tagging: Tag and weight data based on your objectives
  • Granular Control: Choose what data to collect and how to use it

Data Storage Options

Flexible Architecture:
  • Fully hosted by Scoot
  • Customer-managed cloud storage (AWS, Azure, Google Cloud, Oracle)
  • Custom data cloud configurations
  • Geographic data segmentation options
  • Compliance with data residency requirements

Privacy Features

Meeting Privacy Controls

Hosts can configure privacy settings for meetings:
  • Guest admission controls
  • Waiting room functionality
  • Host admission requirements
  • Recording permissions
  • Screen sharing restrictions
  • Chat moderation
  • Attendee permissions

Data Retention

  • Configurable data retention policies
  • Automatic data deletion options
  • Export capabilities before deletion
  • Compliance with legal requirements
  • Backup retention controls

Incident Response

Security Incident Management

Scoot maintains a comprehensive incident response program:
  • Incident Response Team: Dedicated team for security incidents
  • Response Procedures: Documented incident response procedures
  • Communication Plan: Clear communication with affected parties
  • Remediation: Prompt remediation of security issues
  • Post-Incident Review: Learn and improve from incidents

Business Continuity

  • Disaster recovery planning
  • Regular backup testing
  • High availability architecture
  • Redundant systems
  • Failover capabilities

Compliance Programs

Ongoing Compliance

Scoot maintains ongoing compliance programs:
  • Regular security audits
  • Compliance monitoring
  • Policy reviews and updates
  • Employee training on security and privacy
  • Vendor security assessments

Documentation

  • Security policies and procedures
  • Privacy policies
  • Data processing agreements
  • Security documentation for customers
  • Compliance reports available upon request

Security for Integrations

All Scoot integrations maintain the same high security standards:
  • Encrypted data transfer
  • Secure API authentication
  • OAuth 2.0 support
  • Granular integration permissions
  • Audit logging of integration activities
  • Regular security reviews of integrations
For more information, see Scoot Integrations Guide.

Customer Responsibilities

Shared Responsibility Model

While Scoot provides robust security, customers also play a role.
Scoot’s Responsibilities:
  • Platform security
  • Infrastructure security
  • Data encryption
  • Compliance certifications
  • Security monitoring
Customer Responsibilities:
  • User access management
  • Strong password policies
  • Appropriate data classification
  • Meeting security settings
  • User training on security practices

Best Practices for Customers

Account Security:
  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Use SSO when available
  • Regularly review user access
  • Deactivate accounts promptly when no longer needed
Meeting Security:
  • Enable waiting rooms for sensitive meetings
  • Use host admission controls
  • Only record when necessary
  • Inform participants about recording
  • Share meeting links securely
Data Security:
  • Classify data appropriately
  • Don’t share sensitive information unnecessarily
  • Use Smart Badge controls appropriately
  • Review data retention settings
  • Export and delete data when no longer needed

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability in Scoot:
  • Contact Us: Report to the Scoot security team immediately
  • Provide Details: Include reproduction steps and impact assessment
  • Confidentiality: Keep vulnerability confidential until resolved
  • Acknowledgment: We acknowledge and validate reports promptly
  • Resolution: We work to resolve issues quickly
Contact Scoot support or your account manager to report security concerns.

Security Resources

Documentation and Support

  • Security documentation available through Help Center
  • Security questionnaires for enterprise procurement
  • Data Processing Agreements (DPAs) available
  • Security whitepaper available upon request
  • Regular security updates and advisories

Questions About Security

For security-related questions:
  • Contact your Scoot account manager
  • Reach out to Scoot support
  • Request security documentation
  • Schedule a security review meeting
  • Review the Privacy Policy
  • Review the Terms of Use

Frequently Asked Questions

Is Scoot secure for enterprise use?
Yes, Scoot is SOC 2 Type II certified and designed for enterprise customers with rigorous security requirements. We employ industry-leading security practices and partner with AWS for infrastructure security.

Is Scoot GDPR compliant?
Yes, Scoot is fully GDPR compliant. We’ve designed our platform from the ground up to meet the most stringent privacy standards.

Is Scoot CCPA compliant?
Yes, Scoot complies with the California Consumer Privacy Act (CCPA).

How is my data encrypted?
All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption. This includes video, audio, chat, and all other data.

Where is my data stored?
Data can be stored in Scoot-managed systems or in your own cloud environment (AWS, Azure, Google Cloud, Oracle, or custom). Geographic options are available to meet data residency requirements.

Who can access my data?
Only authorized users within your organization can access your data. Scoot employees have limited access on a need-to-know basis for support and maintenance purposes only.

Does Scoot perform security testing?
Yes, Scoot conducts regular penetration testing and security assessments to identify and remediate vulnerabilities proactively.

Can I get a copy of your security certifications?
Yes, SOC 2 Type II reports and other security documentation are available to enterprise customers. Contact your account manager or Scoot sales.

What happens if there’s a security incident?
Scoot has a comprehensive incident response program. We would notify affected customers promptly, remediate the issue, and provide details about the incident and our response.

Do you support SSO and MFA?
Yes, Scoot supports Single Sign-On (SSO) with major providers (Okta, Ping, Auth0, OneLogin, etc.) and multi-factor authentication for enhanced security.

Learn more about Scoot’s security and privacy commitment: Your customer insights and data are safe with us.