Trust & Confidentiality

What we see
stays with you.

Every scan captures the interior logic of a building. The dimensions, the structure, the operational layout. That data belongs to the client. Our protocols exist to keep it that way.

The data is yours.
We are the engineers.

ScanAudit captures the built environment at millimeter precision. The point cloud, the BIM model, the digital twin: these are exact representations of your facility. They contain operational intelligence that competitors, facility managers, and architects would pay for.

We treat that intelligence as yours from the moment we deploy. On-site protocols, data handling procedures, and storage architecture are designed around one assumption: this information is sensitive, and protecting it is not optional.

Three Commitments

01 · On-Site

Controlled presence.
Documented access.

Every operator deployed under the ScanAudit network is LookAcademy-certified. On-site access is scoped to what the project requires, nothing more. Confidentiality protocols are briefed before deployment, not assumed. Operators do not retain project data. All capture material transfers to ScanAudit post-processing on the day of scan.

02 · Data

Your files.
Controlled access.

Raw scan data, point clouds, and derivative models are processed on ScanAudit infrastructure. Client deliverables are accessed through credentialed viewer accounts, isolated per project. Data is not shared between client accounts. Retention and deletion rights belong to the client and are defined at project start.

03 · Contractual

Written obligations.
Not verbal assurances.

Confidentiality terms are embedded in every project agreement. Non-disclosure obligations cover the ScanAudit team and the operator network. GDPR-aligned data processing applies as standard on all European mandates. For projects with specific regulatory requirements, DPA annexes are available on request.

The scan captures what a facility looks like from the inside. That is sensitive information. We operate accordingly.

ScanAudit was built on the operational demands of the world's largest events. FIFA. The Olympics. Facilities where security clearances, NDA stacks, and access protocols are the baseline, not an upgrade.

That standard was never relaxed when we expanded to retail, hospitality, and infrastructure. The client changes. The obligation does not.

Operational Standards

Certified operator network

No scan is executed by an uncertified technician. LookAcademy certification covers both technical execution and confidentiality obligations. This applies to every project, every market.

Isolated client environments

Each project operates in a segregated environment. Viewer access, file storage, and delivery credentials are project-specific. One client never has visibility into another client's data.

NDA by default

Confidentiality obligations are standard terms, not optional addons. Every project agreement includes non-disclosure language covering the full delivery chain from capture to final handoff.

Defined retention and deletion

Data retention periods are agreed at project start. Client rights include the right to request deletion of raw capture data after deliverables are accepted. No data is held beyond the agreed window without explicit written extension.

Scoped site access

Operators access only the areas required for the project scope, defined in advance with the client's security or facilities team. Access logs and operator credentials are available on request for regulated environments.

GDPR-aligned as standard

All European mandates are processed under GDPR-compliant data handling. Data Processing Agreement annexes are available for clients with additional regulatory obligations. Jurisdiction-specific requirements are addressed in project terms.

Delivery Model

Two tiers. One standard.

Not every project carries the same exposure. ScanAudit operates two delivery tracks, and the boundary between them is defined, not left to judgment.

Standard

Operator network

LookAcademy-certified scanning operators deployed globally. NDA by default. Confidentiality briefed before deployment. All raw data transferred to ScanAudit on the day of scan. Operators retain nothing.

Covers
Sports facilities Retail programs Urban mapping Infrastructure surveys Commercial construction
Sensitive

Internal team only

Direct deployment of the ScanAudit internal team. No network operators. No third-party access. Full chain of custody from scan to delivery within ScanAudit personnel only.

Triggers
Client contractual requirement Government or defence mandates Classified environments Regulated financial infrastructure Security clearance required Client request

The trigger for internal deployment is defined at project intake, not escalated after an issue. Clients with sensitive requirements flag this at first contact and the delivery model is confirmed before any operator is assigned.

A question about your project's security requirements?

Regulated environments, multi-site programs, and government mandates each carry specific constraints. We work to them.

Contact the team →