Your data security and privacy are core to Scrunch. We maintain enterprise-grade controls, are SOC 2 Type II compliant, and provide transparency through our publicly accessible Trust Center.
Explore the FAQs below or visit the Scrunch Trust Center for current SOC 2 Type II reports, detailed security policies, data handling information, and our subprocessor list.
Yes. Scrunch has successfully completed a SOC 2 Type II audit conducted by an independent third-party auditor.
We maintain comprehensive controls across infrastructure and product security, organizational processes, internal procedures, and data privacy protections. Scrunch is compliant with GDPR and CCPA, and we do not sell personal information.
Learn more in the full FAQ: Is Scrunch SOC 2 Type II compliant and what security standards does it meet?
Scrunch supports four roles with granular, brand-level control:
Organization-wide roles can be overridden per brand, so a user can have different permissions for different brands within the same account.
Learn more: What user roles and permissions are available in Scrunch?
Enterprise plan customers can enable SSO with major identity providers including Okta, Microsoft Entra ID (formerly Azure AD), and Google Workspace. Any identity provider that supports SAML 2.0 or OIDC is also supported.
Configuration options include just-in-time provisioning, domain enforcement, admin role management, and brand-level access controls. Step-by-step setup guides are available in the Scrunch Help Center.
Learn more: What single sign-on (SSO) providers does Scrunch support?
No. Scrunch does not collect personal information from members of the general public as part of its service offerings.
Learn more: Does Scrunch collect personal information from people using AI platforms like ChatGPT?
For the latest certifications, policies, and security posture, visit the Scrunch Trust Center.