Scalekit Trust Center: Security, Privacy, and Compliance

Frequently asked questions

What certifications does Scalekit have?

Scalekit holds ISO 27001 and SOC2 certifications and conducts regular VAPT assessments to maintain high-security standards.

What data do you store?

Scalekit stores only the data sent from identity providers. For more information, view our Privacy Policy

Where is customer data stored?

Customer data is stored in U.S. data centers. We plan to support the EU data centers by January 2025.

Is your data encrypted?

Yes, Scalekit uses HTTPS / TLS 1.3 to protect data in transit and at rest, safeguarding your information from unauthorized access.

Pll / User data

Secure Cache with TTL

Client Secrets / API Keys

Hashed using Bcrypt

End customer data

Encrypted using Keys via GCP CKM

Tokens / Sessions

Stateless and verified using Signature

Transport

HTTPS/SSL for all APIs and SSL/TLS for all internal connections.

Database / Disk

AES-256 Encryption at Rest

Is Scalekit GDPR compliant?

Scalekit is working towards achieving GDPR compliance by January 2025.

What happens to my data after account termination?

Data is retained for 30 days post-termination and is then permanently deleted unless restoration is requested during that period.

Can you provide a pen test report?

The latest penetration test report can be provided to customers after signing an NDA. Contact us at security@scalekit.com for more details.

Where can I find the list of data subprocessors?

Please see our [list of subprocessors] for the most up-to-date information

How can I report security issues?

Please report security issues by emailing us at security@scalekit.com. We address them as quickly as possible.

Learn about our commitments to data security and privacy.

Understand how we collect, use, and protect your personal information.

Understand the rules and guidelines governing your use of our services.

Understand how we work with third-party service providers to process your data.