Security

How Scout handles your clients’ data.

Plain explanations of what Scout reads, where it’s stored, who can see it, and what you can do if you want it back or want it gone. Written for the agency owner, the IT lead, and the procurement person - not the marketing team.

Multi-tenancy, two layers

Every row carries a workspace_id. Postgres RLS enforces it.

Scout is multi-tenant by design. Every table holding client data has a workspace_id column and a Postgres row-level security policy that prevents cross-workspace reads - even if the application layer made a mistake. Two layers, not one.

Your agency’s data is invisible to every other agency on Scout. Your clients’ data is scoped per workspace, never blended.

Scoped, read-only, revocable

OAuth per integration. We ask for the minimum each platform needs.

Every integration connects via OAuth, scoped to read-only where the platform supports it. You revoke access from the platform’s own admin at any time. We never store passwords, only refresh tokens, and we rotate them according to each platform’s recommendations.

Per-platform scope breakdown is published - ask us for the current list.

No writes to your ad accounts. Ever.

A deliberate product decision, not a missing feature. Reporting and write actions are different jobs. Scout does one of them. Your campaigns, flows, and budgets are touched by humans - not by a layer of automation you can’t fully see. We don’t plan to change this.

Your data doesn’t train any model.

Scout uses Anthropic’s Claude API under a commercial agreement that excludes your data from model training. Your client memory, your voice profile, your reports - none of it is used to improve Claude or any other model.

Where the data lives

Hosting & infrastructure - Vercel + Supabase. EU and US regions available.

Application hosted on Vercel. Database and storage on Supabase (managed Postgres). Region selectable at workspace creation. Daily encrypted backups with 30-day retention; point-in-time recovery available on request.

Your data, your call

Export anytime. Delete on request.

Memory exports as markdown or JSON, one click, no friction. Reports export as markdown, PDF, or Word. On account closure, your data is deleted within 30 days; sooner on request. We provide written confirmation of deletion.

If something goes wrong, you hear from us first.

We maintain a documented breach response plan. In the event of an incident affecting your data, affected agencies are notified within 72 hours, with what we know, what we’re doing, and what (if anything) you should do. Public summary of the runbook available on request.

Procurement-friendly

DPA, ToS, privacy policy, security one-pager.

• Data Processing Agreement - signable, standard EU SCCs included.
• Terms of Service.
• Privacy Policy.
• Security one-pager - printable summary for IT review.

SOC 2 Type I in progress. Type II planned post-launch. Ask for the current status.

Ask us anything.

Security questions, DPA requests, anything procurement needs: security@askscout.app. We reply within one business day.