Security and compliance, without the runaround.
Everything procurement, security, and legal teams need to evaluate Screeq — in one place. Last updated June 27, 2026.
Where we are on the roadmap.
We publish status, not aspirations. Items marked "in progress" have a budget, an owner, and a timeline.
Processing of EU/EEA personal data on behalf of Customer Controllers.
Processing of personal data of UAE residents.
Screeq SaaS platform, supporting cloud infrastructure, and corporate IT.
Privacy Information Management System on top of ISO 27001.
Security, Availability, Confidentiality, Processing Integrity and Privacy.
Engineering, customer onboarding, success and support.
Security practices.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database backups are encrypted with separately-managed keys.
Row-level security on every tenant-scoped table. Role-based access for staff with least-privilege defaults. Production access requires SSO + hardware MFA.
Every privileged action — admin overrides, exports, deletions — is recorded in an immutable audit log available to Customer admins.
Dependency scanning on every build. Annual third-party penetration test. Critical CVEs patched within 7 days; high within 30.
24/7 on-call rotation. Customers notified within 72 hours of confirmed personal-data breach, per GDPR Art. 33.
Daily encrypted backups with 30-day retention. RPO 1 hour, RTO 4 hours. DR drills run quarterly.
Every vendor that touches your data.
Required by GDPR Art. 28 and SOC 2. Customers on Enterprise plans receive 30 days' advance notice of any addition.
| Vendor | Purpose | Data | Region | Link |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Primary cloud hosting and compute | All Customer Data at rest | EU (Ireland), US (N. Virginia), UAE (Dubai) | Trust page |
| Cloudflare | CDN, DDoS mitigation, edge runtime | Request metadata, cached static assets | Global edge network | Trust page |
| Google Cloud (Gemini API) | AI scoring, transcription, summarisation | Candidate answer text and audio (no training) | EU / US | Trust page |
| OpenAI | AI scoring and assessment grading (zero-retention) | Candidate answer text (no training) | US | Trust page |
| Resend | Transactional email delivery | Recipient email, message metadata | US / EU | Trust page |
| Stripe | Subscription billing and payment processing | Billing contact, payment method (tokenised) | US / EU | Trust page |
| Supabase | Managed Postgres, authentication, object storage | All Customer Data at rest | EU (Frankfurt), US, AP regions | Trust page |
| Twilio | SMS notifications and OTP delivery | Recipient phone number, message body | Global | Trust page |
Data Processing Addendum.
Pre-signed by Screeq and ready for your countersignature. Includes the EU Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum for cross-border transfers.
- SOC 2 readiness letter
- Penetration test executive summary
- SIG Lite / CAIQ questionnaire (pre-filled)
- Business continuity & DR plan summary
- Cyber insurance certificate
Dig into the specifics.
GDPR, PDPL, ISO 27001/27701, SOC 2 and ISO 9001 — controls, scope and status.
One matrix, six frameworks — every Screeq control mapped to the framework it supports.
Every vendor that processes Customer data, with purpose and region. Subscribe for changes.
Architecture, encryption, audit log, and our SOC 2 roadmap in plain English.
What we collect, why, and your rights as a data subject.
Standard DPA + SCCs ready for signature.
Live uptime, incident history, subscribe to updates.
Master agreement, SLAs, acceptable use.
Disclosure, evidence requests, vendor reviews.