Scopio

Information Security Policy

Scopio Automation · Denys Hritsanov Scopio · NIP 8971961798

Last updated: June 2026

01 Scope & Purpose

This Information Security Policy applies to all systems, services, and data managed by Denys Hritsanov Scopio (Scopio Automation), including the business.scopio.pl platform and all associated APIs. The purpose is to protect the confidentiality, integrity, and availability of customer and partner data.

02 Data Access Controls

Access to customer data is restricted on a need-to-know basis. All API endpoints are protected by JWT authentication. Administrative access requires multi-factor authentication. Credentials and API keys are stored in encrypted environment variables and never exposed in source code.

03 Network Security

The platform infrastructure is hosted on Vercel (edge network) and Supabase (managed PostgreSQL). Both providers enforce network-level isolation, TLS 1.2+ encryption, DDoS protection, and automated vulnerability patching. All communication uses HTTPS exclusively.

04 Endpoint Security

All company devices used for development and administration are protected by up-to-date antivirus software and OS security patches. Remote access to production systems is restricted.

05 Data Encryption & Storage

All data at rest is encrypted using AES-256. Seller credentials are encrypted before storage. Payment processing is handled exclusively by Stripe — no card data is stored on Scopio systems.

06 Third-Party Integrations

Scopio integrates with TikTok Shop, Shopify, Stripe, InPost, and DPD via official APIs with OAuth 2.0 or API key authentication. Minimum required permissions are requested.

07 Incident Response

In the event of a security incident or data breach, affected users and relevant authorities will be notified within 72 hours as required by GDPR. Contact: growmebusiness.pl@gmail.com

08 Policy Review

This policy is reviewed and updated at least annually. Last reviewed: June 2026.

Infrastructure

  • Vercel — Edge CDN, DDoS protection
  • Supabase — Managed PostgreSQL, AES-256
  • Stripe — PCI-DSS Level 1 payments
  • TLS 1.2+ — All connections encrypted

Contact

Security inquiries:
growmebusiness.pl@gmail.com

Compliance

  • GDPR — EU data protection
  • RODO — Polish data protection law
  • PCI-DSS — via Stripe