Security and compliance,
without the runaround.
Everything procurement, security, and legal teams need to evaluate Screeq — in one place. Last updated May 9, 2026.
Where we are on the roadmap.
We publish status, not aspirations. Items marked "in progress" have a budget, an owner, and a timeline.
Screeq SaaS platform, supporting infrastructure, and corporate IT.
Security, Availability, and Confidentiality trust criteria.
Processing of EU/EEA personal data on behalf of Customers.
Processing of personal data of UAE residents.
Security practices.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database backups are encrypted with separately-managed keys.
Row-level security on every tenant-scoped table. Role-based access for staff with least-privilege defaults. Production access requires SSO + hardware MFA.
Every privileged action — admin overrides, exports, deletions — is recorded in an immutable audit log available to Customer admins.
Dependency scanning on every build. Annual third-party penetration test. Critical CVEs patched within 7 days; high within 30.
24/7 on-call rotation. Customers notified within 72 hours of a confirmed personal-data breach, per GDPR Art. 33.
Daily encrypted backups with 30-day retention. RPO 1 hour, RTO 4 hours. DR drills run quarterly.
Every vendor that touches your data.
Required by GDPR Art. 28 and SOC 2. Customers on Enterprise plans receive 30 days' advance notice of any addition.
| Vendor | Purpose | Data | Region | |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Primary cloud hosting and compute | All Customer Data at rest | EU (Ireland), US (N. Virginia), UAE (Dubai) | Trust page |
| Cloudflare | CDN, DDoS mitigation, edge runtime | Request metadata, cached static assets | Global edge network | Trust page |
| Google Cloud (Gemini API) | AI scoring, transcription, summarisation | Candidate answer text and audio (no training) | EU / US | Trust page |
| OpenAI | AI scoring and assessment grading (zero-retention) | Candidate answer text (no training) | US | Trust page |
| Resend | Transactional email delivery | Recipient email, message metadata | US / EU | Trust page |
| Stripe | Subscription billing and payment processing | Billing contact, payment method (tokenised) | US / EU | Trust page |
| Supabase | Managed Postgres, authentication, object storage | All Customer Data at rest | EU (Frankfurt), US, AP regions | Trust page |
| Twilio | SMS notifications and OTP delivery | Recipient phone number, message body | Global | Trust page |
Data Processing Addendum.
Pre-signed by Screeq and ready for your countersignature. Includes the EU Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum for cross-border transfers.
- SOC 2 readiness letter
- Penetration test executive summary
- SIG Lite / CAIQ questionnaire (pre-filled)
- Business continuity & DR plan summary
- Cyber insurance certificate
Dig into the specifics.
Architecture, encryption, and our SOC 2 roadmap in plain English.
What we collect, why, and your rights as a data subject.
Standard DPA + SCCs ready for signature.
Live uptime, incident history, subscribe to updates.
Master agreement, SLAs, acceptable use.
Disclosure, evidence requests, vendor reviews.