Dscout is fully compliant with GDPR (General Data Protection Regulation), as well as state-specific guidelines like CCPA. We are also HITRUST certified and HIPPA compliant. We take privacy and security incredibly seriously at Dscout. We strive to make Dscout the safest, most secure place for you to do your in-context qualitative research. And because we have clients working with European participants, we’ve gone the extra mile to fully comply with GDPR strict privacy standards.
Here’s what we’re doing to keep everyone’s data safe:
Scout Terms and Conditions
Data privacy drives our entire business model. Our Scout Terms and Conditions clarify the relationship with Scouts to make sure that everyone—not just European Scouts—clearly understands that we’re paying for the data they provide us, and that we own it. We also address legal protections for our customers. For more information, see our Scout Terms and Conditions.
Scout Privacy Policy
Dscout’s Scout Privacy Policy includes language about the way Scouts can modify or delete their accounts, including sensitive information, while still preserving our rights to the data they have submitted. We also make it clear to Scouts how their data can be used by our customers and by Dscout. Every Scout is required to accept these terms and privacy policy (using a third-party arms-length validation process through our partner Ironclad) before using the Dscout mobile app.
Researcher and Visitor Privacy Policy
The Researcher and Visitor Privacy Policy extends appropriate GDPR protections to you when you visit our website or work with us. For example, you can easily delete your researcher account, remove personal information, or change your personal profile. The policy applies any time you use our website (dscout.com) or researcher platform (app.dscout.com). For more information, see our Researcher and Visitor Privacy Policy.
Online Access Agreement
All customers are subject to the Access Agreement, unless we have negotiated a separate MSA or similar document. Please read the entire agreement before starting your next Dscout mission.
Data Processing Agreement (DPA) language is included. In GDPR terminology, both Dscout and our customers are “data controllers,” so we wrote our DPA that way. We can also sign our customers’ DPAs when we maintain a separate MSA. Please contact privacy@dscout.com with any questions.
Enhanced security
There’s no privacy without solid security. We invest heavily to ensure nothing but the most secure data infrastructure:
- We evaluate our technology partners to ensure they are compliant with GDPR and otherwise as secure as we are.
- We are ISO 27001 certified and subject to annual SOC 2 Type II audits. Contact sales@dscout.com for more information.
- We subject ourselves to rigorous penetration testing by Cobalt, a world-class security leader. While no one can ever promise to prevent all hacking, we take strong, commercially-reasonable methods to keep your data safe.
- Dscout has appointed a Data Protection Officer (DPO) to monitor and manage our IT security and privacy practices. You can reach the DPO by email at privacy@dscout.com.
- We periodically review and strengthen our privacy and security policies. And we continually train everyone at Dscout to ensure that privacy and security are top of mind.