Scrutari
Sign inRequest access

Last updated: May 25, 2026

Data Processing Addendum

Where Scrutari processes personal data on your behalf in operating the workspace you control, we act as a processor under GDPR Article 28 and equivalent regimes. This addendum sets out the processor terms that govern that processing.

Scope of processing

Scrutari processes the personal data described in the Privacy Policy for the sole purpose of operating the service you subscribed to. We do not process customer data for any independent purpose and do not sell, rent, or share customer data with third parties outside the sub-processor list.

Sub-processors

Scrutari's authorized sub-processors are Microsoft Azure (infrastructure) and Stripe (payments). Adding a new sub-processor to the production path triggers a 30-day email notice to the workspace owner; if you object you can archive your workspace under the standard cancellation terms before the new sub-processor goes live.

Security

Scrutari maintains the technical and organizational measures described in our Compliance page: TLS 1.3 with hybrid post-quantum key exchange on every external connection, encryption at rest for all customer data, role-based access controls with separation of production and analytics environments, and an audit log of administrative actions retained for seven years.

Breach notification

We notify the workspace owner without undue delay on confirming any personal-data breach affecting your workspace, and in any case within 72 hours of confirmation. The notice describes the categories and approximate number of data subjects affected, the likely consequences, and the measures we have taken or propose to take to mitigate the breach.

International transfers

Where personal data is transferred outside the EEA / UK, Scrutari relies on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with the supplementary technical measures described in our Compliance page (hybrid PQ TLS, encryption at rest, audit observability).

Term and return of data

This addendum endures while you operate a workspace on Scrutari. On termination, we return or delete the personal data we hold on your behalf within 30 days, except where retention is required by law (tax records, breach-investigation records).

Questions on anything above? legal@scrutari.ai.

Move your TLS posture to post-quantum before the timeline moves you.

Scrutari is in early access for SaaS teams whose largest customers require a documented PQ-TLS migration plan and who don't intend to rebuild their TLS stack to produce one. If that's your constraint, get in touch.

Request access