
Scowtt Trust Hub · /trust
Scowtt helps enterprise teams activate first-party CRM engagement and GA4 web analytics for predictive growth while keeping customer data purpose-limited, tenant-separated, and customer-controlled.
"Your customer data powers your growth — not anyone else's."
Scowtt uses customer-approved data to generate customer-specific predictions, conversion values, insights, and workflow outputs. Customer data is not sold, pooled, co-mingled, or used to train models for other organizations.
Trust Snapshot
Report available under NDA
Model runs on behavioral and outcome signals
Third-party external security assessment
Dedicated GCP project per client
The Data Boundary
Customer-approved data enters an isolated Scowtt environment and customer-approved outputs leave. Customer data is not sold, pooled, co-mingled, or used for cross-customer learning.
The Scowtt Trust Model
Data Usage
Scowtt uses customer-approved data only to provide Scowtt services for that customer. Customer data is not sold, pooled, co-mingled, or used to train or improve models, scores, audiences, or outputs for another organization.
Customer Data is used to generate predictive scores, conversion values, insights, recommendations, and workflow outputs for that customer only.
Scowtt does not use one customer's data to train, tune, improve, or evaluate models, predictions, scores, audiences, or outputs for another customer.
Scowtt does not sell customer data, create shared audiences from customer data, or make one customer's data available to another customer.
Each client runs in a dedicated, isolated GCP project. Cross-tenant data access is not possible through normal operations.
Customers control which data sources are connected, which destinations are enabled, and where configured outputs are sent.
Scowtt sends configured outputs such as click IDs, predicted values, and hashed identifiers where applicable. Raw CRM records, sales notes, and full customer records are not transmitted.
Data Handling & Activation
Scowtt ingests only the data needed to deliver predictive growth. Integration is either a customer-initiated push or a read-only pull with scoped credentials. Scowtt never requests write access to client systems.
CRM engagement and outcome data such as lead status, appointment records, sales stage, revenue outcomes, and GA4 web analytics.
Scowtt does not require PII to run predictive models. The model runs on behavioral, engagement, and outcome signals.
A click ID, a predicted dollar value, and, where applicable, hashed identifiers for matching.
No raw personal data, raw CRM fields, sales notes, full customer records, or customer-specific business intelligence.
Customer Data is retained for the contract term and deleted in full upon termination. Deletion is available on request at any time, subject to legal, security, and backup requirements.
AI & Models
Scowtt uses customer-approved data to generate predictions and outputs for that customer's business objectives. Customer data is not used to train, tune, or improve models for other organizations.
Predictions and outputs are generated for the customer that provided or authorized the data. Every model, score, and output is scoped to that customer's environment.
Security Controls
Each client runs in a dedicated, isolated GCP project.
Centralized SSO with mandatory MFA for all business-critical systems.
Production access is limited to authorized personnel with a business need.
AES-256 at rest using AWS KMS or GCP Cloud KMS. TLS 1.2 minimum in transit, TLS 1.3 prioritized.
Role-based, least-privilege access. Reviewed quarterly, revoked within one business day of termination.
Annual third-party external penetration testing. Executive summary available under NDA.
Target notification within 72 hours of a confirmed reportable breach, followed by post-incident review.
Google Cloud Platform, AWS, and Descope for token management only. All reviewed for security and compliance.
Evidence Locker
Trust FAQ
No. Scowtt does not use one customer's data to train, tune, improve, or evaluate models, predictions, scores, audiences, or outputs for another customer.
No. Each client runs in a dedicated, isolated GCP project, and cross-tenant data access is not possible through normal operations.
No. Scowtt does not require PII to run predictive models. The model runs on behavioral, engagement, and outcome signals.
A click ID, a predicted dollar value, and, where applicable, hashed identifiers for matching. Raw CRM records, sales notes, and full customer records are not transmitted.
Customer Data is retained for the contract term and deleted in full upon termination. Deletion is available on request at any time, subject to legal, security, and backup requirements.
Production access is limited to authorized personnel with a business need, governed by role-based, least-privilege access that is reviewed quarterly.
AES-256 at rest using AWS KMS or GCP Cloud KMS. TLS 1.2 minimum in transit, with TLS 1.3 prioritized.
Yes. Annual third-party external penetration testing is performed, and an executive summary is available under NDA.
SOC 2 report, penetration test summary, Data Processing Addendum, subprocessor list, data-flow overview, security questionnaire responses, architecture overview, and incident response overview.
Yes. Scowtt provides security questionnaire responses and can complete standard questionnaires under NDA.
Scowtt can provide SOC materials, DPA, pen test summary, subprocessor details, data-flow overview, and security questionnaire responses under NDA.