Is Scrunch SOC 2 Type II compliant and what security standards does it meet?
Yes. Scrunch has successfully completed a SOC 2 Type II audit conducted by an independent third‑party auditor.
Scrunch maintains comprehensive security controls across infrastructure, organizational practices, product safeguards, internal procedures, and data privacy protections.
Verify in the Scrunch Trust Center
You can independently review Scrunch’s security posture in the public Scrunch Trust Center. It provides:
Current SOC 2 Type II audit reports and certification status
Detailed security and data handling policies
Information about data collection methodologies
A complete list of third‑party subprocessors
Enterprise security features
Identity and access management
Single sign-on (SSO) for Enterprise plans with Okta, Microsoft Entra ID (formerly Azure AD), and Google Workspace; supports any SAML 2.0 or OIDC‑compliant provider.
Role-based access control (RBAC) with Admin, Editor, Viewer, and Guest (agency accounts only), plus per‑brand permission controls.
Options for just‑in‑time provisioning, domain enforcement, and admin role management.
Regulatory compliance
GDPR and CCPA compliant.
Scrunch does not sell personal information.
Platform security and operations
Comprehensive audit logs of user actions.
Secure API integrations with token‑based authentication.
Enterprise support with SLAs and detailed analytics dashboards.
Example: implementing SSO with a SAML 2.0 provider
Request activation from Scrunch support to enable SSO.
Configure the Scrunch application in your identity provider (Okta, Entra ID, etc.).
Share IdP metadata with Scrunch.
Test and deploy, then enforce SSO organization‑wide.
Step‑by‑step instructions for supported providers are available in the SSO integration guide.
