Security

Built with security review in mind

Scalivo handles sales data — deal values, rep performance, pipeline composition. We treat that data with the discretion it deserves and document our practices so your security team can review them before you connect.

Security Practices

How we protect your sales data

Read-only access only

Scalivo never requests write permissions on any connected CRM. OAuth scopes are documented in our security review packet. Your Salesforce or HubSpot data cannot be modified by Scalivo under any circumstances.

Tenant data isolation

Customer data is stored in isolated database schemas per account. No shared tables between customers. Data access paths are audited at the application layer before any query executes.

Encryption in transit and at rest

All data is encrypted in transit using TLS 1.2 or higher. Data at rest uses AES-256 encryption. Encryption keys are managed separately from data storage.

No data resale or third-party sharing

Your sales data is not used to train shared models, benchmarks, or industry analytics products without explicit opt-in. We do not share, resell, or aggregate customer data with third parties.

SSO and role-based access

Scalivo supports SAML 2.0 SSO and role-based access controls. Admin, manager, and read-only roles are configurable. MFA is available for all accounts and required for admin-level users.

Security review support

We provide a security review packet for enterprise customers, including OAuth scope documentation, an infrastructure summary, our data retention policy, and our subprocessor list. Contact us at [email protected] to request it.

Compliance Posture

Where we are on compliance

We're honest about our current compliance posture. Scalivo is a young company and we're building toward formal certifications with appropriate investment.

In Progress

SOC 2 Type II

Our infrastructure and security controls are designed with SOC 2 Type II in mind. We're building toward formal audit readiness. If your security team requires SOC 2 certification as a prerequisite, contact us to discuss our timeline.

Active

GDPR Compliance

Our privacy practices comply with GDPR requirements for data processors. We maintain a Data Processing Agreement (DPA) available for customers operating under GDPR. Contact us to request a DPA.

Active

CCPA Compliance

We comply with CCPA as it applies to personal data we process on behalf of customers. Our Privacy Policy documents individual rights and our procedures for honoring data access and deletion requests.

Security questions? Contact us directly at [email protected]. We respond to security inquiries within one business day.