While your teams use Scribe to document and share processes, we want you to know your data is 100% protected. Scribe is not just easy and fast — it’s absolutely secure.
Information security and privacy are built into Scribe’s growth, mission and vision. Alongside vulnerability scanning, penetration testing, access control, encryption and data privacy measures, Scribe successfully went through a SOC 2 Type II audit.
We are tirelessly committed to the protection of your data and your privacy. Scribe’s information security and privacy controls are detailed below.
We offer numerous security and privacy controls, including custom role configuration, centralized control of sharing permissions by a company-appointed administrator, activity logs, SSO integration, and automated redaction of PII and PHI for our Enterprise customers.
We do not sell any user data to third parties. We use some third parties to provide our services (e.g., AWS and OpenAI, all subprocessors are listed at scribehow.com/legal/subprocessors), but we hash and encrypt all data to prevent vendors from viewing the data.
Scribe captures screenshots of user actions (clicks and typing) and collects the domains of visited websites or web pages. Keystrokes are not collected from fields tagged as "secure" by the website or application. This is defined as “User Content.” In addition to User Content, we collect session data, including user name, email address, IP address, browser type, machine type, OS type, approximate geolocation. This is defined as “User Data.” This data is collected on your users who are granted Scribe accounts and used for error logs, user analytics, and troubleshooting.