Security

Scout handles your API keys, the queries you send, and the web content it retrieves for you. This page explains how we protect that data and how to report a security issue.

1. Encryption

All traffic to the Scout API and website is encrypted in transit with TLS. Account records, usage logs, and other data at rest are encrypted by our infrastructure providers.

2. API keys

API keys are stored only as salted hashes. The raw key is shown once, at creation, and never again. If a key is exposed, revoke it from your account and generate a new one.

3. Access and isolation

Internal access to production systems is limited to the people who need it to run the service, and every account’s data is read and written under its own scope.

4. Your queries and retrieved content

Queries you send and the content Scout retrieves are processed only to fulfil your request. Responses may be cached transiently for performance. We do not sell your data, and we do not use your queries or retrieved content to train shared models.

5. Retention and deletion

Account data is kept while your account is active. Usage logs are kept for a limited period for security and billing. You can request deletion of your account data at any time.

6. Incident response

We keep a documented process for handling security incidents. If a breach affects your data, we will notify you without undue delay, with what happened and what we are doing about it.

7. Reporting a vulnerability

Found a security issue? Email support@usescout.ai. We aim to respond within one business day and credit researchers who report responsibly.