Your Data Belongs to You
DATA ISOLATION
At Scanlog , every account operates in its own isolated data space. Users in your organisation can only see, access, or interact with your own records.
​
This isolation is enforced at every layer of the application — from the database queries to the API to the front-end interface. There is no mechanism that would allow a user from one organisation to view, search, or retrieve data belonging to another.
​
What this means in practice:
Your assets are only visible to users in your account
Your user list cannot be seen by anyone outside your account
Your bookings are private to your organisation
Your reports only ever contain your own data
There is no way for Scanlog to accidentally expose your data to another customer, even in the event of a configuration error
Infrastructure
Enterprise-grade hosting. Always-on encryption.
Scanlog is hosted on enterprise-grade cloud infrastructure. We use industry-standard practices to protect your data at every stage — whether it's moving between your browser and our servers, or sitting in our database.
​
In transit:
All communication between your browser (or phone) and Scanlog is encrypted using TLS 1.2 and HTTPS. You'll see the padlock in your browser address bar. Unencrypted HTTP connections are not permitted.
​
At rest:
Sensitive data stored in our database is encrypted at rest using industry-standard encryption. This means that even in the unlikely event of a storage-level breach, your data is protected.
​
Availability:
We aim to maintain a high level of platform uptime. Planned maintenance is communicated in advance wherever possible. In the event of an unplanned outage, we work to restore service as quickly as possible.
Access Controls
The right people see the right things. Nothing more.
Inside your Scanlog account, you decide exactly who can access what. Permissions in Scanlog are built around roles and groups — giving you fine-grained control without making it complicated.
​
Built-in Role based access:
Configure scanlog to have specific groups and roles for different types of users. Control over who can access what functionality or feature is completely within the administrator's control.
​
Password security:
Passwords must meet minimum complexity requirements — length, uppercase, lowercase, number, and special character. Accounts are temporarily locked after repeated failed sign-in attempts to prevent brute-force attacks.
�​
Single sign-on (SSO):
Users can sign in with Google or Microsoft accounts, removing the need for a separate Scanlog password. This lets organisations use their existing identity management infrastructure.
Professional Plan Feature
A complete, timestamped record of everything that happens.
The audit log is available on the Professional plan. It records every action taken in your account. All of it is logged with the name of the person who performed the action and the exact date and time it happened.
​
The audit log cannot be edited or deleted — it's a permanent, tamper-resistant record that you can export for compliance or internal reviews.
​
Who this is particularly valuable for:
Healthcare organisations managing portable medical equipment
Educational institutions tracking loaned devices and equipment
Government and public sector teams managing public assets
Any organisation subject to compliance or audit requirements
IT teams needing a full chain of custody for hardware
Data Ownership
Your data is yours. Always.
When you put your asset data, booking records, and user information into Scanlog, that data belongs to you. We hold it on your behalf. We do not sell it, share it with third parties, or use it for advertising.
​
What we use your data for:
Operating and delivering the Scanlog service to you
Improving the product based on how it's used in aggregate
Sending automated emails related to your bookings and account
Responding to your support requests
Third-party services we use:
-
Scanlog uses a small number of trusted third-party services to operate:
-
SendGrid (for email delivery), Stripe (for secure payment processing),
-
and our cloud hosting provider. These providers have their own security
-
practices and are bound by data processing agreements.
​
Scanlog does not store your credit card details — payment processing is  handled entirely by Stripe, which is PCI DSS compliant.
​
Your rights:
You can request a copy of your data or request deletion of your account and data at any time. We will respond within 1-5 business days.
​
For our full privacy practices, see our Privacy Policy.
Cookies
We use cookies only for what's necessary.
Scanlog uses cookies:
​
Session cookies — required to keep you signed in while you use the platform. These expire when you close your browser unless you tick "Remember me", in which case a persistent cookie is set for 30 days.
​
We do not use advertising cookies or third-party tracking cookies anywhere in the Scanlog platform. Our marketing website (scanlog.co) may use basic analytics cookies to understand visitor behaviour in aggregate. You can opt out via your browser settings.
Security Posture
A+ Security From SSLLABS
We have taken every measure to ensure that the site is secured and stable for everyone. Whether you are an SMB or large enterprise, you can be assured that scanlabs run on the most secured environment incorporating all the industry recommended policies.