Security at Scoop

We don’t take chances when it comes to your team’s security

Scoop for Hybrid Work

Scoop partners with businesses to help them operate a hybrid remote and in-office workforce while maximizing safety, productivity, and engagement. Scoop's platform includes mobile apps and desktop extensions for employees and a web-based dashboard for customer admins. Read on to learn more about our data security and architecture.

Scoop for Hybrid Work

SOC 2 & CCPA compliance

Scoop is SOC-2 Type II certified and CCPA compliant. All user account information is available for download or deletion upon request.

Data collection and communication

All data provided by employees or administrators via the Scoop mobile apps, desktop extensions, and Dashboard is encrypted in transit between the public internet and Scoop's networks in AWS (TLS 1.2). Data is also encrypted at rest using AWS-managed keys. User passwords are encrypted (salted and hashed) using modern encryption libraries, and multi-factor authentication is required for every account. Data submitted by clients is heavily validated for correctness, and system logs strive to never include sensitive information.

Network and system security

Scoop follows networking best practices, and follows the principle of least privilege when it comes to firewall rules. We rely on code-managed configuration of AWS’ Virtual Private Cloud. We encrypt traffic in transit, and don’t grant any special privileges to our office network.

Relying on sophisticated 3rd-party services, Scoop logs and monitors infrastructure events, application events, and access. This enables historic audit logging as well as providing threshold and rate alerting to indicate both performance and security events.

Service reliability and durability

Scoop uses Amazon Web Services to host the majority of its cloud infrastructure, including its databases and API servers. Scoop uses AWS-provided backup systems which are heavily tested and reliable. We do not store data in systems not managed by AWS.

Admin access controls

Scoop Dashboard access is restricted to administrators that are designated by a Scoop customer. All administrator accounts must be authenticated and access records are logged.

Data access controls

The Scoop team seeks to restrict access to all user information to only those on the team who require it in order to help provide the Scoop service.

Data guidelines, team protocols, and monitoring are evaluated in concert with Scoop’s legal counsel and maintained to the best of our knowledge.

Security datasheet

To learn more about our privacy and security practices, download our security datasheet.

Reserve your free trial

Schedule time with our team for a complete demo of how the Scoop platform can help you thrive as a hybrid organization.

Connect with our team

Are you a commuter? Visit our commuters page to learn more and download the Scoop app for iOS or Android.

Connect with our Team

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.