What is ScaleDesk360?

ScaleDesk360 is an AI-powered marketing automation platform for agencies and consultants. It manages your clients' entire digital marketing operation — content creation, social media posting, CRM, appointment booking, SEO, email marketing, and Google Business Profile management — all on autopilot.

How much does ScaleDesk360 cost?

ScaleDesk360 offers four tiers: Starter at $497/month (up to 5 clients), Growth at $997/month (up to 15 clients), Agency at $1,997/month (unlimited clients), and Enterprise at $4,997/month (fully managed enterprise solution). Annual plans save approximately 20%. All plans include a 7-day free trial with no credit card required.

Does ScaleDesk360 post directly to social media?

Yes. ScaleDesk360 publishes approved content directly to Facebook, Instagram, LinkedIn, X (Twitter), and Google Business Profile using official APIs. Once a client's social accounts are connected, content is published automatically upon approval — no manual copy-paste required.

What industries does ScaleDesk360 work for?

ScaleDesk360 works for any local or service-based business including restaurants, real estate, law firms, medical practices, fitness studios, salons, contractors, and retail. The AI engine customizes all content to the client's specific industry, brand voice, and target audience.

Is there a free trial for ScaleDesk360?

Yes. Every plan includes a 7-day free trial with no credit card required. You get full access to all platform features during the trial period. After 7 days, your plan activates automatically or you can cancel with no obligation.

Compliance Center

Compliance & Security Documentation

This page provides transparency into ScaleDesk360™'s security posture, data privacy practices, infrastructure standards, and government procurement readiness for municipal, state, and federal agencies.

Last Updated: March 15, 2026 | Version: 2.0

Status Legend

CompliantPartialIn ProgressNot YetN/A

Important Notice for Government Procurement Officers

ScaleDesk360™ is a commercial SaaS platform currently pursuing FedRAMP Moderate authorization and SAM.gov registration. It is not yet authorized for use on federal systems that require FedRAMP authorization. State and municipal agencies with less restrictive requirements may proceed under their own risk assessment frameworks. Contact our enterprise team for a full security package including VPAT, SOC 2 report, and penetration test results.

Security Framework

Requirement	Status	Details
HTTPS / TLS 1.3	Compliant	All data in transit encrypted via TLS 1.3. HTTP automatically redirected to HTTPS.
HTTP Security Headers	Compliant	Helmet.js enforces CSP, HSTS (1 year + preload), X-Frame-Options: DENY, X-Content-Type-Options, Referrer-Policy.
Rate Limiting	Compliant	120 req/15 min general; 10 req/15 min auth; 30 req/15 min AI endpoints.
Input Validation	Compliant	All API inputs validated via Zod schemas server-side. SQL injection prevented via Drizzle ORM parameterized queries.
Authentication	Compliant	JWT-based session tokens (HS256), 1-year expiry, HttpOnly + Secure + SameSite=Strict cookies.
FedRAMP Authorization	In Progress	Not yet authorized. FedRAMP Moderate authorization process has not been initiated. Required for federal use.
FIPS 140-2 Encryption	In Progress	Standard TLS/JWT encryption used. FIPS 140-2 validated cryptographic modules not yet confirmed.

Data Privacy

Requirement	Status	Details
GDPR (EU/EEA)	Compliant	Data processing agreements available. Right to access, rectification, erasure, and portability supported. DPA available upon request.
CCPA (California)	Compliant	No sale of personal information. California residents may request access or deletion. Opt-out mechanism available.
Data Residency	Partial	Primary data stored on US-based servers. AI inference may route through third-party APIs. Data residency SLA available for enterprise contracts.
Data Retention	Compliant	Account data deleted within 90 days of termination. Audit logs retained for 7 years per IRS guidance.
PII Minimization	Compliant	Only business-necessary PII collected. No SSN, passport, or financial account numbers stored.
HIPAA	N/A	ScaleDesk360 is a marketing automation platform. It is not designed to store, process, or transmit Protected Health Information (PHI). Not suitable for covered entities without a BAA.

Infrastructure

Requirement	Status	Details
Uptime SLA	Compliant	99.5% monthly uptime target. Status page available at /status. Incident notifications via email.
Backup & Recovery	Compliant	Daily automated database backups with 30-day retention. Point-in-time recovery available.
Penetration Testing	In Progress	Annual third-party penetration testing scheduled. Last test: not yet completed (platform launched 2026).
SOC 2 Type II	In Progress	SOC 2 Type II audit initiated. Expected completion Q4 2026. SOC 2 Type I report available upon request.
ISO 27001	In Progress	Information security management system (ISMS) aligned with ISO 27001 controls. Formal certification in progress.
Disaster Recovery	Compliant	RTO: 4 hours. RPO: 24 hours. Multi-region failover capability available for enterprise contracts.

Government Procurement

Requirement	Status	Details
SAM.gov Registration	In Progress	System for Award Management (SAM.gov) registration in process. Required for federal contract awards.
DUNS / UEI Number	In Progress	Unique Entity Identifier (UEI) registration pending. Required for federal procurement.
GSA Schedule	Not Yet	GSA Multiple Award Schedule (MAS) application not yet submitted. Contact sales for sole-source justification support.
FAR Compliance	Partial	Terms of Service include FAR-compatible clauses for data rights and IP. Full FAR Part 12 compliance review in progress.
ITAR / EAR	Compliant	Platform does not handle controlled defense articles or export-controlled technical data. Not subject to ITAR/EAR restrictions.
Buy American Act	Compliant	Platform developed and hosted in the United States. Qualifies as a U.S.-origin service.

Accessibility

Requirement	Status	Details
Section 508	Partial	Substantially compliant with Section 508 Subparts B and C. Full VPAT available upon request. See /accessibility for details.
WCAG 2.1 Level A	Compliant	All Level A success criteria met. Semantic HTML, keyboard navigation, and ARIA labels implemented.
WCAG 2.1 Level AA	Partial	Partially compliant. Known gaps in chart text alternatives and video captions. Remediation scheduled Q2-Q3 2026.
ADA Title III	Partial	Web content substantially accessible. Ongoing remediation per DOJ guidance on web accessibility.

HIPAA-Aware Infrastructure for Healthcare Professionals

ScaleDesk360™ is a marketing automation and business operations platform — not a clinical records system. We do not store, process, or transmit Protected Health Information (PHI) such as patient diagnoses, treatment records, or insurance data. This means the platform is not a HIPAA-covered entity by default.

However, healthcare professionals — including physicians, physician assistants, traveling nurses, medical sales representatives, and medical equipment specialists — use ScaleDesk360™ for business operations that do not involve PHI: scheduling follow-ups with prospects, automating marketing content, managing referral pipelines, tracking sales territories, and sending appointment reminders to contacts who have opted in.

What ScaleDesk360™ handles safely

• Prospect and referral contact management
• Appointment reminder sequences (opt-in contacts only)
• Marketing content for practice growth
• Medical sales territory and pipeline tracking
• Credentialing follow-up sequences
• Review generation from satisfied patients (post-visit)
• Staff and team coordination workflows

What ScaleDesk360™ is NOT for

• Storing patient diagnoses or treatment records
• Transmitting lab results or clinical notes
• Processing insurance claims or EOBs
• EHR/EMR integration or patient portal functions
• Any workflow requiring PHI under 45 CFR Part 164

Business Associate Agreement (BAA)

If your use case requires a BAA — for example, if your practice management workflow involves any incidental PHI — we offer a BAA for enterprise healthcare accounts. Our BAA covers data handling, breach notification, and subprocessor obligations in accordance with 45 CFR §164.504(e).

Request a BAA Ask a Compliance Question

This statement does not constitute legal advice. Healthcare organizations should consult with their own HIPAA compliance officer or legal counsel before deploying any third-party platform for workflows that may involve PHI.

Available Documentation

The following documents are available upon request for government procurement review. Please email our compliance team with your agency name and intended use case.

VPAT / Accessibility Conformance Report (ACR)Available

SOC 2 Type I Report (2026)Available

Penetration Test Executive SummaryIn Progress

Data Processing Agreement (DPA)Available

Business Associate Agreement (BAA)In Progress

System Security Plan (SSP)In Progress

Privacy Impact Assessment (PIA)Available

Incident Response PlanAvailable

Request Compliance Package Government & Enterprise Pricing

Compliance Contact

Security & Compliance

[email protected]

Response within 2 business days

Government & Enterprise Sales

[email protected]

Sole-source justification support available