Security program
Security
Scroller is designed around secure cloud processing, minimal public infrastructure, and limited access to user email data.
Security measures
- HTTPS for public traffic.
- Private databases and queues that are not directly exposed to the public internet.
- Encrypted storage for sensitive OAuth tokens.
- Access controls for production systems.
- Operational logging for security, abuse detection, and reliability.
- Separation between the public marketing site and API host.
Google API security assessment
Scroller is designed to support Google's sensitive and restricted scope review process, including secure data handling, minimum required permissions, Limited Use disclosures, and security assessment preparation where required.
Report a vulnerability
Email security@scroller.ai. Include enough detail to reproduce the issue. We appreciate responsible disclosure and ask that you avoid accessing or sharing another person's data.