Last updated: May 25, 2026
Privacy Policy
Scrutari operates a post-quantum TLS gateway and a supporting management dashboard. This policy describes what we collect, why, and how long we keep it.
What we collect
- Account data. Workspace owner email, name, and the company name supplied during signup. Collected directly from you when you create a workspace.
- Authentication metadata. The Entra ID object identifier issued by your identity provider, and timestamps for sign-in, sign-out, and session refresh events.
- Operational telemetry. Aggregate metrics about traffic flowing through the gateway you operate. We do not inspect or store payload bodies, request headers, or response contents.
- Billing data. Plan tier, subscription status, and invoice history. Card data is handled exclusively by Stripe; we never receive card numbers.
What we do not collect
Scrutari does not log payload bodies, request URLs beyond the SNI host, response contents, cookies, or any other content of traffic the gateway terminates. The TLS handshake telemetry we emit covers cipher suites and key-exchange groups only, never client identifiers or payload data.
Why we collect it
We collect this data to operate the workspace you signed up for, to bill you, to investigate incidents you raise with our support channels, and to comply with our own legal obligations (tax, anti-fraud, audit requirements imposed by SOC 2 and ISO 27001 controls).
How long we keep it
- Account data: while the workspace is active plus 30 days after archive (the grace window during which recovery is one click). Hard deletion follows on day 31.
- Operational telemetry: 90 days rolling, then aggregated indefinitely with all tenant identifiers stripped.
- Audit logs of administrative actions: 7 years, per SOC 2 retention guidance.
- Billing records: as long as tax law in our operating jurisdictions requires, typically 7 years.
Sub-processors
Scrutari runs on Microsoft Azure (compute, managed Postgres, Key Vault, observability) and uses Stripe for payments. A current sub-processor list is available on request via the contact below; we notify workspace owners by email at least 30 days before a new sub-processor is added to the production path.
Your rights
You can request access, correction, export, or deletion of any personal data we hold by emailing the contact below. We respond within 30 days. EEA visitors have additional rights under GDPR Articles 15 through 22; HIPAA-covered entities should reference our Data Processing Addendum for breach notification and minimum-necessary terms.
Questions on anything above? legal@scrutari.ai.