Our Practices
How we safeguard your data.
Every measure listed below is drawn directly from our Privacy Policy and Terms of Service — the same commitments we make contractually to every client.
Privacy Policy §7, §12
Encryption
Personal data is protected by encryption in transit and at rest. International data transfers are further secured with technical and organizational measures alongside EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and Swiss-specific provisions.
- Encryption applied in transit and at rest depending on the nature of the data.
- Transfer impact assessments maintained for cross-border data flows.
Privacy Policy §12, §16 · Terms §3
Access Controls & Permissions
Access to personal data is governed by access minimization and role-based permissions. Account holders are responsible for maintaining the confidentiality of their credentials, and all activity under an account is attributed to that account holder.
- Access minimization and role-based permissions enforced by default.
- Account credential confidentiality required of every user.
Privacy Policy §5(b), §12
Monitoring & Incident Detection
Scaalr employs logging, monitoring, and network security measures to detect, investigate, and prevent fraud, abuse, and security incidents across the Services.
- Logging and monitoring of service activity.
- Network security measures to protect infrastructure.
- Fraud, abuse, and security incident detection and prevention.
Privacy Policy §15
Breach Notification
In the event of a personal data breach, Scaalr follows defined notification timelines. When Scaalr acts as a controller, it notifies the competent supervisory authority within 72 hours under GDPR. When it acts as a processor, it notifies the client without undue delay. Under PIPEDA, affected individuals and the Privacy Commissioner are notified as required.
- 72-hour supervisory authority notification under GDPR/UK GDPR.
- Processor-to-controller notification without undue delay.
- PIPEDA breach reporting and records maintenance.
Privacy Policy §12, §16
Secure Development & Privacy by Design
Scaalr maintains secure development practices, vulnerability management, and data protection by design and by default. Data protection impact assessments are performed where processing is likely to result in high risk to individuals.
- Secure development practices and vulnerability management.
- Data protection by design and by default.
- Data protection impact assessments (DPIAs) for high-risk processing.
Privacy Policy §4.1, §6(a) · Terms §8
Third-Party & Payment Security
Payment card data is processed by third-party payment processors; Scaalr does not store full card numbers. All service providers and processors are bound by written contracts and process personal data only under Scaalr's documented instructions. Confidentiality obligations govern all information exchanged between parties.
- Scaalr does not store full payment card numbers.
- Service providers bound by written data processing contracts.
- Mutual confidentiality obligations for all parties.