Data security
Defense-in-depth controls protect customer data across its lifecycle.
Encryption
- All data encrypted in transit with TLS
- Data at rest encrypted with AES-256
- Encrypted, regularly tested database backups
Access control
- Least-privilege, need-to-know access
- Permissions reviewed quarterly
- Access revoked immediately on offboarding
Infrastructure
- Hosted on hardened cloud infrastructure
- Firewalls, antivirus, and network segmentation
- Logical tenant isolation between customers
Resilience
- Encrypted backups with regular restore tests
- Monitoring and alerting on the production environment
- Documented incident response process
AI & agent governance
Rescana runs autonomous AI agents on your behalf. We design those agents to be transparent, bounded, and safe with your data.
Your data is not used to train models
Customer data is never used to train third-party foundation models. Prompts and outputs are processed solely to deliver the service to you.
Bounded autonomy
Agents operate within defined guardrails and scopes. Sensitive or high-impact actions are designed to keep a human in the loop.
Transparent data flows
We disclose the LLM providers we rely on in our sub-processor list, so you always know where data is processed.
Acceptable use
Use of our AI features is governed by our AI Terms, which set out responsible-use expectations.
Privacy & data protection
Rescana Ltd. is the data controller for our site and the processor for customer data we handle on your behalf.
Your rights
- Access, correction, portability, and deletion
- Restriction of and objection to processing
- Defined data retention and deletion policy
Documents
- Privacy Policy
- Terms of Service
- Data Processing Agreement (DPA) on request
International transfers
Cross-border transfers rely on adequacy decisions or EU Standard Contractual Clauses to maintain EEA-equivalent protection.
Sub-processors
When acting as a processor for our customers, Rescana engages the sub-processors below. This list may be updated from time to time; contact us to subscribe to change notifications.
| Sub-processor | Purpose | Location |
|---|---|---|
| OpenAI | Natural language processing | USA |
| AWS | Cloud computing and storage | USA / Global |
| Mixpanel | Product analytics | USA |
| Segment | Customer data infrastructure | USA |
| HubSpot | CRM | USA |
| SendGrid | Email delivery | USA |
| Slack | Secure messaging | USA |
| Have I Been Pwned | Data breach intelligence | Australia |
Vulnerability disclosure
We welcome reports from the security community. If you believe you have found a vulnerability in Rescana, please tell us.
How to report
Email security@rescana.com with details and reproduction steps. We acknowledge reports and work with you in good faith toward a resolution. Please do not publicly disclose before we have remediated.
Testing pledge
We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, and give us reasonable time to respond.
Request our security documentation
Our SOC 2 Type II report, ISO certificates, penetration test summary, DPA, and completed security questionnaires (SIG / CAIQ) are available to customers and prospects under NDA.
Request access →Prefer to talk to a person? Contact our team or email legal@rescana.com.
This Trust Center is reviewed regularly. For specific questions, contact security@rescana.com.