Security

We take the security of your data seriously. Here is how we protect your information and your clients' privacy.

Last updated: April 2026

Data Handling

Scrippio stores the data you enter, including client records, session notes, draft reports, and uploaded documents in a secure database linked to your account. This is what allows you to access your work across sessions.

  • Client records, session notes (text and voice transcripts), and draft report content are stored in your account database
  • All data is encrypted in transit (TLS 1.2 or higher) and encrypted at rest via our database provider
  • You can export a copy of your data or permanently delete your account and all associated records from Settings → Data
  • Client data is stored securely and accessible only to your account

Infrastructure

Scrippio is hosted on a globally distributed cloud platform with SOC 2 Type II and ISO 27001 compliant infrastructure.

  • Edge network hosting with DDoS protection
  • SOC 2 compliant infrastructure at the platform level
  • Automatic HTTPS on all endpoints - no plaintext connections
  • Database storage encrypted at rest via our infrastructure provider

AI Processing

Report generation uses a third-party AI service. When you generate a report, your inputs are transmitted to our AI provider's API and the response is returned to you. Scrippio does not retain a copy of this exchange.

  • Input data is sent to our AI provider's API over an encrypted connection
  • Scrippio does not log or store the content of AI requests or responses
  • Our AI provider's data retention and usage policies apply to API interactions - see their privacy policy for details
  • API inputs are not used to train AI models by default (per our AI provider's standard API terms)

Authentication

User accounts and authentication are managed by a purpose-built authentication service that follows security best practices.

  • Industry-standard password hashing - we never store plaintext passwords
  • Session tokens are short-lived and stored securely in HTTP-only cookies
  • Email verification required on account creation
  • Sessions are automatically invalidated on sign-out
  • SOC 2 Type II compliant authentication infrastructure

Reporting Vulnerabilities

If you discover a security vulnerability in Scrippio, please disclose it responsibly. We review all security reports and respond within 5 business days.

Contact us at scrippio.au@gmail.com with a description of the vulnerability and steps to reproduce it. Please do not disclose the issue publicly until we have had a chance to address it.