Designed for the security questionnaire

We're a French company selling to teams with real compliance obligations. The platform is built deny-by-default, audited, and aligned with GDPR and the NIS2 directive — not as a retrofit, but from the foundations.

This page is the short version. A signed DPA, our sub-processor list and a full security questionnaire are available under NDA — ask sales.

Tenant isolation

  • Every organization is a hard boundary, enforced in the application on every request
  • Org context is carried end to end; cross-tenant access is structurally impossible, not just checked
  • Optional Postgres row-level security as defense in depth
  • Isolated egress so one tenant's activity never affects another's reputation

Identity & access

  • OIDC/SSO login with MFA where applicable
  • Deny-by-default RBAC with separation of duties for platform staff
  • API keys hashed at rest, with lifecycle management and rotation
  • Every sensitive action is attributable to an identity

Data protection & privacy

  • EU-only data residency, hosted in France
  • Encryption in transit and at rest; secrets centralized and access-audited
  • GDPR DSAR workflows — export, delete, anonymize
  • Configurable retention, legal hold and scheduled purge for artifacts

Edge & network

  • TLS policy with HSTS, strict security headers
  • Rate limiting and IP allow/deny at the edge
  • WAF baseline (OWASP CRS) with a documented tuning workflow
  • Abuse and signup-fraud detection beyond simple per-key limits

Observability & response

  • Metrics, centralized logs, distributed traces and error monitoring
  • Security events emitted for auth failures, admin anomalies and abuse patterns
  • SIEM/IDS pipeline with incident triggers
  • On-call and incident-response runbooks, with backup and restore drills

Audit & governance

  • Immutable-style audit logs (who, what, when, where) for sensitive actions
  • Audit log export for Scale and Enterprise
  • Supply-chain practices in CI/CD: dependency scanning, SBOM per release, change trail
  • NIS2 used as the benchmark for controls, monitoring and operational readiness

Need the long version?

We'll walk your security team through the architecture, share the DPA and sub-processor list, and answer the questionnaire. Most reviews close in a single call.