External Information Security Audit:
Scribe is SOC 2 Type II audited annually to verify the efficacy of our information security and business continuity controls.
Environment and Access Control:
Scribe's infrastructure is designed such that development, staging, and production environments are entirely segregated, and access to each is based on a least permissions policy.
Encryption:
Data is encrypted both in transit and at rest using industry-standard encryption measures (AES 256 and TLS 1.2/1.3 tunnels), and Scribe has enabled additional user-side features to allow for redaction of data at the Pro and Enterprise level.
IPS/IDS:
Scribe has intrusion detection and prevention systems, as well as logging and monitoring, to ensure the security of our environment.
Data Minimization:
Scribe collects only user data that is essential to the functionality of our platform. Data collection is user-activated for purposes of capturing digital processes. Scribe collects screenshots and action items such as clicks and keystrokes after the user hits "Capture." Users may stop capturing their actions at any time.