Security & Compliance
ISO 27001
International standard for information security management. A systematic, risk-based approach to protecting sensitive information.
SOC 2 Type II
Independent audit of security, availability, and confidentiality controls over an extended period. The full report is gated for confidentiality — request access via the trust portal.
GDPR
EU General Data Protection Regulation. Scrapfly processes personal data lawfully with SCCs Module 2 embedded in our DPA for EEA→US transfers.
How we protect your data
Encryption
TLS 1.2+ in transit, AES-256 at rest. Managed keys rotated on a schedule.
Access control
Role-based access, enforced MFA, audited admin actions.
Vendor due diligence
Sub-processors vetted and documented in our DPA.
International transfers
EEA→US transfers covered by SCCs Module 2 embedded in our DPA (available to Enterprise customers).
Full document library
All compliance documentation, audit reports (on request), and sub-processor lists.
Visit trust portal