Security built into every layer.

From transient file processing to regional data sovereignty, Scanii was designed from the ground up to protect your data — and your customers'.

How we protect your data

Zero-retention processing: Your files are only on our servers for the time it takes to analyze them — usually milliseconds. We retain only the metadata needed to return results. Optional customer-supplied metadata is indexed using cryptographic hashes — original values are never stored
Data sovereignty: Content sent to a region stays in that region. Period. With six global regions — US, Canada, Ireland, UK, Australia, and Singapore — your files are processed locally and never traverse region boundaries.
Encryption everywhere: TLS 1.3 in transit. AES-256 at rest. Passwords are protected with bcrypt hashing. Verify our A+ SSL Labs ratings yourself: api-us1.scanii.com.
Built on AWS: Scanii runs entirely on Amazon Web Services with network-based intrusion detection, endpoint protection, automated patching, and daily backups across all regions.

Scanii processes file content transiently and does not retain customer-submitted files, which simplifies compliance across multiple frameworks.

GDPR / UK GDPR: Regional file processing with no content retention. Files never leave your chosen jurisdiction.
HIPAA: Business Associate Agreement available for qualifying customers.
CCPA / CPRA: We never sell personal information. Data collection is limited to what's needed to provide our services.
PIPEDA: Canadian processing region available, enabling your organization to keep Canadian personal information within Canadian jurisdiction.
SOC: SOC 2 certification in progress. AWS SOC 1/2/3 reports available upon request via our Trust Center.

For a detailed technical overview, read our security overview in the documentation.