|Trust Center

Scribe

While your teams use Scribe to document and share processes, we want you to know your data is 100% protected. Scribe is not just easy and fast — it’s absolutely secure. 

Information security and privacy are built into Scribe’s growth, mission and vision. Alongside vulnerability scanning, penetration testing, access control, encryption and data privacy measures, Scribe successfully went through a SOC 2 Type II audit.

We are tirelessly committed to the protection of your data and your privacy. Scribe’s information security and privacy controls are detailed below.

fa-envelope alpaca-fa-regular
security@scribehow.com
fa-link alpaca-fa-regular
Privacy Policy

FAQ

fa-magnifying-glass alpaca-fa-regular
chevron-down
Do you encrypt data at rest?

Yes! We encrypt data at rest using AES 256 encryption.

chevron-down
How do you handle the data we collect?

We store your data for content hosting purposes. We do not sell your data to any third parties. It is encrypted at rest and in transit and protected through least permissions access control. We do not use production data in testing environments.

chevron-down
Do you support Single Sign-On (SSO)?

Yes, we offer SSO integration for our Enterprise customers.

chevron-down
Where are your servers located?

In the United States.

chevron-down
What privacy/security settings are available?

We offer numerous security and privacy controls, including custom role configuration, centralized control of sharing permissions by a company-appointed administrator, activity logs, SSO integration, and automated redaction of PII and PHI for our Enterprise customers.

chevron-down
How do you monitor for security breaches?

We leverage a suite of alerting and monitoring tools alongside 24x7x365 on-call Engineers to detect, classify, and report any potential breach.

chevron-down
How can we minimize the data that we share with Scribe?

At the Pro and Enterprise levels, we offer automated data redaction capabilities. These features redact data before it is stored on our servers, meaning we do not store or ever receive an unredacted version of the data.

chevron-down
Do you use our data to train AI?

For our in-product AI features, no. We do not use data to train any AI algorithm for our Pro or Enterprise users, neither internally nor for in-product AI features.

chevron-down
Do you share our data with third parties?

We do not sell any user data to third parties. We use some third parties to provide our services (e.g., AWS and OpenAI, all subprocessors are listed at scribehow.com/legal/subprocessors), but we hash and encrypt all data to prevent vendors from viewing the data.

chevron-down
What data does Scribe collect?

Scribe captures screenshots of user actions (clicks and typing) and collects the domains of visited websites or web pages. Keystrokes are not collected from fields tagged as "secure" by the website or application. This is defined as “User Content.” In addition to User Content, we collect session data, including user name, email address, IP address, browser type, machine type, OS type, approximate geolocation. This is defined as “User Data.” This data is collected on your users who are granted Scribe accounts and used for error logs, user analytics, and troubleshooting.

chevron-down
Does Scribe record videos?

No, Scribe does not record videos of user sessions. It only captures screenshots at the time of user actions.

chevron-down
How does Scribe use OpenAI?

Scribe uses OpenAI's text generation API in two ways: to generate titles for Scribe documents based on the text content and accessed domains and to assist in creating guides when users opt to use the "Create Page with AI" feature.

chevron-down
What security measures are in place to protect Scribe data?

Scribe employs AWS security features like GuardDuty, CloudWatch, and CloudTrail for intrusion detection, monitoring, and logging, alongside a web application firewall, mothly vulnerability scans, and annual penetration tests.

chevron-down
What access controls does Scribe offer?

Scribe provides role-based access control with different permissions for super administrators, team managers, creators, and viewers. Custom roles can also be created for more granular control over access.