Security at Scaleapp Education AB

Last updated: December 2025

At Scaleapp Education AB ("Scaleapp," "we," "our," or "us"), the security, confidentiality, and integrity of your data are our highest priority. This Security Overview outlines the technical, organizational, and procedural measures we use to protect the Scaleapp Learning Management System ("Service") and the data entrusted to us.

1. Our Security Commitment

We design Scaleapp with a security-first approach. Our practices are aligned with industry standards and informed by modern cloud architecture, secure development lifecycles, and continuous monitoring.

We strive to maintain a secure platform for organizations, instructors, and learners at all times.

2. Data Encryption

2.1 In Transit

All data transmitted between your browser or device and Scaleapp is encrypted using:

  • TLS 1.2+
  • HTTPS with modern cipher suites
  • Secure WebSockets for real-time features

2.2 At Rest

Data stored within our systems is encrypted using:

  • AES-256 or industry-equivalent encryption
  • Encrypted backups stored in secure environments
  • Encrypted storage for sensitive data

3. Authentication & Access Control

  • Secure password hashing (bcrypt or Argon2)
  • Optional Multi-Factor Authentication (MFA)
  • Role-Based Access Control (RBAC) for student, instructor, and admin roles
  • Session management with secure tokens and expiration
  • API key security with scoping and revocation
  • Principle of Least Privilege enforced across all internal systems

We never store plaintext passwords.

4. Infrastructure & Network Security

Scaleapp is hosted on reputable cloud platforms with advanced security measures. Our infrastructure includes:

  • Isolated virtual networks (VPC)
  • Firewall protection and traffic filtering
  • DDoS mitigation
  • Load balancers for redundancy and uptime
  • Continuous monitoring for unauthorized access attempts
  • Automated backups with geographic redundancy
  • Disaster recovery and business continuity plans

5. Application Security

Scaleapp follows secure development practices throughout our engineering lifecycle.

  • OWASP Top 10-aligned development
  • Code reviews with security checks on every deployment
  • Dependency scanning and patching
  • Input validation to prevent injection attacks
  • Protection against XSS, CSRF, and SQL injection
  • Regular internal security testing
  • Periodic third-party penetration testing

6. Data Privacy & Compliance

Scaleapp complies with multiple data protection frameworks applicable to our customers and applies related privacy practices, including:

  • GDPR (EU General Data Protection Regulation)
  • FERPA (US education privacy requirements, where applicable)
  • Data minimization principles
  • User consent mechanisms for optional data processing
  • Right to access, export, and delete personal data

A dedicated Data Processing Agreement (DPA) is available for organizations that require it.

7. User Security Responsibilities

Security is a shared responsibility. We recommend users:

  • Use strong, unique passwords
  • Enable MFA when available
  • Avoid sharing login credentials
  • Log out on shared devices
  • Keep software and browsers updated
  • Report suspicious activity immediately
  • Beware of phishing attempts claiming to be from Scaleapp

8. Incident Response

We maintain a formal incident response program that includes:

  • 24/7 monitoring and alerting
  • Immediate investigation of identified threats
  • Containment and remediation protocols
  • Notifications to affected customers as required by law
  • Post-incident reviews and improvements

We comply with all legally required data breach notification obligations.

9. Third-Party Security & Sub-Processors

We partner only with vetted service providers who meet strict security standards.

  • Security evaluations of vendors
  • Data Processing Agreements (DPAs) with all sub-processors
  • Restricted, purpose-limited data access
  • Ongoing monitoring of vendor security posture

A list of active sub-processors is available upon request or on our Sub-Processor page.

10. Security Maintenance & Monitoring

Our security posture is continuously maintained through:

  • Regular patching and updates
  • Automated vulnerability scanning
  • Scheduled security maintenance windows
  • Logging and monitoring of critical events
  • Automated detection systems for anomalies

11. Reporting a Security Issue

We encourage responsible disclosure. If you believe you've found a security vulnerability, please contact us immediately and do not publicly disclose it before we address it.

Security Contact:

📧 security@joinscaleapp.com

Please include:

  • Description of the issue
  • Steps to reproduce
  • Relevant technical details (screenshots, logs, endpoints)

We will acknowledge and investigate promptly.

12. Updates to This Security Page

We regularly update our security practices to adapt to new threats and improve resilience. Updates to this page will be reflected by the "Last updated" date at the top.

13. Contact Us

For general security questions or inquiries:

Scaleapp Education AB – Security Team

Sweden

📧 Security: security@joinscaleapp.com

📧 General Support: support@joinscaleapp.com