Question 1

What is ScaleDesk360?

Accepted Answer

ScaleDesk360 is an AI-powered marketing automation platform for agencies and consultants. It manages your clients' entire digital marketing operation — content creation, social media posting, CRM, appointment booking, SEO, email marketing, and Google Business Profile management — all on autopilot.

Question 2

How much does ScaleDesk360 cost?

Accepted Answer

ScaleDesk360 offers four tiers: Starter at $497/month (up to 5 clients), Growth at $997/month (up to 15 clients), Agency at $1,997/month (unlimited clients), and Enterprise at $4,997/month (fully managed enterprise solution). Annual plans save approximately 20%. All plans include a 7-day free trial with no credit card required.

Question 3

Does ScaleDesk360 post directly to social media?

Accepted Answer

Yes. ScaleDesk360 publishes approved content directly to Facebook, Instagram, LinkedIn, X (Twitter), and Google Business Profile using official APIs. Once a client's social accounts are connected, content is published automatically upon approval — no manual copy-paste required.

Question 4

What industries does ScaleDesk360 work for?

Accepted Answer

ScaleDesk360 works for any local or service-based business including restaurants, real estate, law firms, medical practices, fitness studios, salons, contractors, and retail. The AI engine customizes all content to the client's specific industry, brand voice, and target audience.

Question 5

Is there a free trial for ScaleDesk360?

Accepted Answer

Yes. Every plan includes a 7-day free trial with no credit card required. You get full access to all platform features during the trial period. After 7 days, your plan activates automatically or you can cancel with no obligation.

Requirement	Status	Details
HTTPS / TLS 1.3	Compliant	All data in transit encrypted via TLS 1.3. HTTP automatically redirected to HTTPS.
HTTP Security Headers	Compliant	Helmet.js enforces CSP, HSTS (1 year + preload), X-Frame-Options: DENY, X-Content-Type-Options, Referrer-Policy.
Rate Limiting	Compliant	120 req/15 min general; 10 req/15 min auth; 30 req/15 min AI endpoints.
Input Validation	Compliant	All API inputs validated via Zod schemas server-side. SQL injection prevented via Drizzle ORM parameterized queries.
Authentication	Compliant	JWT-based session tokens (HS256), 1-year expiry, HttpOnly + Secure + SameSite=Strict cookies.
FedRAMP Authorization	In Progress	Not yet authorized. FedRAMP Moderate authorization process has not been initiated. Required for federal use.
FIPS 140-2 Encryption	In Progress	Standard TLS/JWT encryption used. FIPS 140-2 validated cryptographic modules not yet confirmed.

Requirement	Status	Details
GDPR (EU/EEA)	Compliant	Data processing agreements available. Right to access, rectification, erasure, and portability supported. DPA available upon request.
CCPA (California)	Compliant	No sale of personal information. California residents may request access or deletion. Opt-out mechanism available.
Data Residency	Partial	Primary data stored on US-based servers. AI inference may route through third-party APIs. Data residency SLA available for enterprise contracts.
Data Retention	Compliant	Account data deleted within 90 days of termination. Audit logs retained for 7 years per IRS guidance.
PII Minimization	Compliant	Only business-necessary PII collected. No SSN, passport, or financial account numbers stored.
HIPAA	N/A	ScaleDesk360 is a marketing automation platform. It is not designed to store, process, or transmit Protected Health Information (PHI). Not suitable for covered entities without a BAA.

Requirement	Status	Details
Uptime SLA	Compliant	99.5% monthly uptime target. Status page available at /status. Incident notifications via email.
Backup & Recovery	Compliant	Daily automated database backups with 30-day retention. Point-in-time recovery available.
Penetration Testing	In Progress	Annual third-party penetration testing scheduled. Last test: not yet completed (platform launched 2026).
SOC 2 Type II	In Progress	SOC 2 Type II audit initiated. Expected completion Q4 2026. SOC 2 Type I report available upon request.
ISO 27001	In Progress	Information security management system (ISMS) aligned with ISO 27001 controls. Formal certification in progress.
Disaster Recovery	Compliant	RTO: 4 hours. RPO: 24 hours. Multi-region failover capability available for enterprise contracts.

Requirement	Status	Details
SAM.gov Registration	In Progress	System for Award Management (SAM.gov) registration in process. Required for federal contract awards.
DUNS / UEI Number	In Progress	Unique Entity Identifier (UEI) registration pending. Required for federal procurement.
GSA Schedule	Not Yet	GSA Multiple Award Schedule (MAS) application not yet submitted. Contact sales for sole-source justification support.
FAR Compliance	Partial	Terms of Service include FAR-compatible clauses for data rights and IP. Full FAR Part 12 compliance review in progress.
ITAR / EAR	Compliant	Platform does not handle controlled defense articles or export-controlled technical data. Not subject to ITAR/EAR restrictions.
Buy American Act	Compliant	Platform developed and hosted in the United States. Qualifies as a U.S.-origin service.

Requirement	Status	Details
Section 508	Partial	Substantially compliant with Section 508 Subparts B and C. Full VPAT available upon request. See /accessibility for details.
WCAG 2.1 Level A	Compliant	All Level A success criteria met. Semantic HTML, keyboard navigation, and ARIA labels implemented.
WCAG 2.1 Level AA	Partial	Partially compliant. Known gaps in chart text alternatives and video captions. Remediation scheduled Q2-Q3 2026.
ADA Title III	Partial	Web content substantially accessible. Ongoing remediation per DOJ guidance on web accessibility.

Compliance & Security Documentation

Security Framework

Data Privacy

Infrastructure

Government Procurement

Accessibility

Available Documentation

Compliance Contact