Your clients trust you with sensitive documents. We take that seriously.
Enterprise-grade security on dedicated European infrastructure.
Encryption
All data is encrypted with TLS in transit and AES-256 at rest. Every file uploaded through DocScoop is stored encrypted and accessible only through time-limited, presigned URLs. Database connections are encrypted and pooled through PgBouncer for additional isolation.
Infrastructure
DocScoop runs on dedicated Hetzner servers in the European Union. Our infrastructure uses Docker Swarm with isolated networks, separating application servers, databases, and background workers across dedicated nodes. No shared hosting, no multi-tenant cloud functions.
Access Control
Staff authentication uses JWT tokens verified against RS256 keys via JWKS. Role-based permissions ensure that only authorized team members can access, approve, or reject documents. Client portal access is scoped per engagement using high-entropy tokens — no passwords required.
File Storage
Documents are stored in MinIO (S3-compatible object storage) with private buckets. Files are never publicly accessible. Access is granted through presigned URLs that expire after a short time window, ensuring documents cannot be shared or accessed outside of DocScoop.
Monitoring
We run 24/7 uptime monitoring with Uptime Kuma, error tracking with GlitchTip, and infrastructure metrics through Prometheus and Grafana. Any anomaly triggers immediate alerts so we can respond before it affects your workflow.
Compliance
SOC 2 Type II certification is in progress. DocScoop is designed with GDPR awareness — we minimize data collection, provide data export and deletion capabilities, and never share your data with third parties for non-essential purposes.
Report a Vulnerability
If you have security concerns or want to report a vulnerability, contact us at security@docscoop.com. We take every report seriously and aim to respond within 24 hours.