(last updated November 9, 2018)
Scalyr’s Commitment to Security and Privacy
Scalyr is committed to achieving and preserving the trust of our customers. Our comprehensive security and privacy program carefully considers data protection and privacy across our products and services, including data submitted by customers to our online service.
Security Assessments and Compliance
Scalyr’s physical infrastructure is hosted within Amazon’s US and EU secure data centers using Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We use PCI-DSS-compliant payment processor Stripe for encrypting and processing credit card payments. Scalyr completes a self-attested questionnaire (SAQ) on an annual basis to ensure that PCI data are properly secured.
Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 2 Type I report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 18 (a.k.a SSAE 18) and documents operational policies and procedures for Scalyr’s system of internal controls. Our SOC 2 Type II certification is in process.
Security and Privacy Documentation
- Data Processing Addendum To complete this DPA, contact us at firstname.lastname@example.org and we’ll send you a copy to sign electronically. After we receive the completed DPA, it will come into effect and legally bind both parties (Scalyr and your company).
- Sub-processor Information
- Technical and Organizational Measures