Security, Compliance & Trust

At Scalyz, security, data protection, and operational resilience are core principles embedded in the design and operation of our platform. This page transparently outlines our infrastructure, compliance commitments, and governance practices.

Last Updated: 06 March 2026

1. Infrastructure & Hosting

Scalyz is hosted on Amazon Web Services (AWS) infrastructure within the European Union.

  • Primary region: EU (eu-north-1)
  • Infrastructure deployed using Infrastructure as Code (IaC)
  • Multi-tenant architecture with logical isolation at organization level
  • Daily encrypted backups

Enhanced Isolation – Enterprise Premium

For clients requiring advanced isolation, Scalyz can deploy:

  • Dedicated infrastructure
  • Isolated database environment
  • Separate application stack
  • Independent network traffic

This option is subject to a specific contractual agreement and tailored commercial terms.

2. Availability & Support

Scalyz targets:

99% annual service availability

Support Hours

Support is available:

  • Monday to Friday
  • 9:00 AM – 6:00 PM (CET / CEST)
  • Excluding French public holidays

Support Levels

Standard Support

  • Response within 8 business hours

Premium Support

  • Response within 4 business hours

Security incidents and service-blocking disruptions are handled with the highest priority regardless of support tier.

Resolution time depends on severity, complexity, and operational impact.

3. Monitoring & Supervision

Scalyz implements multi-layer monitoring:

  • Internal supervision via AWS CloudWatch
  • External 24/7 monitoring via BetterUptime
  • Automated alerting
  • Technical on-call escalation triggered after 1 hour if automated remediation fails

Public status page:
👉 Scalyz status

In case of a major incident:

  • Initial notification within 4 hours
  • Public updates every 4 hours

4. Business Continuity & Disaster Recovery

Scalyz maintains an internal business continuity procedure enabling full infrastructure redeployment using Infrastructure as Code (IaC).

  • Cross-region recovery capability
  • Daily encrypted backups

Recovery Objectives

  • RTO (Recovery Time Objective): 24 hours
  • RPO (Recovery Point Objective): 24 hours

A disaster recovery exercise was conducted on December 22, 2025.

An annual recovery test is scheduled during the third week of December, a period of lower activity.

Affected users are informed at least three (3) months in advance by email sent to the address associated with their registered user account, as well as through the public status page where applicable.

Tests are organized to minimize operational impact and do not result in data loss.

5. Data Protection & GDPR Compliance

Scalyz operates in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Responsibility model:

  • Enterprise clients act as Data Controllers
  • Scalyz acts as Data Processor

Our Data Processing Agreement (DPA) is available at:
👉 Scalyz

Related documents:

  • Privacy Policy
  • Cookie Policy
  • Enterprise Terms & Conditions

6. Nature of Processed Data

Scalyz does not process:

  • Biometric data
  • Special category (sensitive) data
  • Video data

Data processed may include:

  • Professional identification information
  • Technical activity performed during lab sessions
  • Executed commands
  • Files generated during assessments

Behavioral analysis is strictly limited to technical performance evaluation and does not involve discriminatory profiling.

7. Security Measures

Scalyz implements, among others:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest (RDS, S3)
  • Daily encrypted backups
  • Mandatory Multi-Factor Authentication (MFA) for internal access
  • VPN-protected administrative access
  • Role-based access control following the least privilege principle
  • Log retention limited to 1 year

Regular internal security assessments are conducted.

8. Incident Management & Security

Scalyz maintains an internal incident management procedure.

In case of an incident:

  • Immediate prioritization of security incidents
  • Initial notification within 4 hours for major incidents
  • Ongoing communication via the public status page

Dedicated security contact:
📧 security@scalyz.com

Personal data breaches are handled in accordance with GDPR obligations.

9. Transparency & Logging

Enterprise clients may download:

  • Candidate technical activity logs
  • Executed commands
  • Files generated during lab sessions

Additional requests for technical logs may be reviewed by the support and security teams.

10. Responsible Artificial Intelligence

Scalyz may use artificial intelligence tools for advanced report generation.

  • Data transmitted for AI processing is anonymized
  • No personally identifiable information is shared
  • AI serves as a decision-support tool and not as an autonomous decision-maker

11. Governance & Roadmap

Scalyz maintains:

  • An internal security lead
  • A documented incident management procedure
  • A maintained record of processing activities
  • Internal backup policies

ISO 27001 certification is targeted for 2026.

Commitment

Scalyz is committed to maintaining transparency, security, and regulatory compliance in order to ensure trust for its enterprise clients, partners, and users.