Scalple

Surgical access
to production data.
Zero exposure.

Scalple replaces shared database credentials with structured, audited access. Every query is scoped to a role, logged, and recorded in an append-only audit trail. Built for teams operating under GDPR, HIPAA, and strict data sovereignty requirements.

GDPR compliant
Frankfurt · Paris · Amsterdam
script.ts (prod-eu-west):

// Script runs in isolated-vm with author-level CASL permissions
// Use server('name', type.X) to connect — pass the display name
// server, type, log and email are globals injected by the sandbox

async function run() {
  const db = server('retail-postgres', type.Postgres);

  // find(table, filter, options): the policy engine scopes rows and columns
  const users = await db.find('customers',
    { segment: 'at_risk' },
    { limit: 25 },
  );

  log('Found', users.length, 'at-risk customers');

  for (const user of users) {
    await email.send({
      to: user.email,
      subject: 'We miss you',
    });
  }

  return { notified: users.length };
}

return await run();

Security that ships
as infrastructure.

Scalple is not a policy layer on top of your existing access patterns. It replaces the access model entirely — from credentials to queries to compliance reporting.

Access model replacement
Access model

Zero credential exposure

No SSH tunnels. No shared .env files. No credentials in Slack messages. Developers request scoped access through a policy engine — credentials never leave Scalple's control plane.

Ephemeral, session-bound access tokens replace long-lived secrets entirely.
Audit integrity

INSERT-only audit trail

Every query, every access request, every denied operation is appended to an immutable log. The schema enforces INSERT-only writes — no UPDATE, no DELETE, no backfilling possible.

Each row is hash-chained to the previous one, so tampering is detectable even when the tamperer is an infrastructure admin.
Data sovereignty

EU-only cloud

AWS is excluded — CLOUD Act jurisdiction creates legal risk for EU data subjects. Scalple runs on EU-domiciled providers: Hetzner, OVH, Exoscale.

GDPR Art. 28 DPA as standard. No sub-processors outside the EEA.
Query execution

Sandboxed TypeScript

Scripts run as typed TypeScript functions inside V8 Isolates (isolated-vm) with hard limits on memory, CPU, and network, so untrusted script code stays confined to the isolate. The limits bound what a script can consume; what it can read is still governed by the author's CASL permissions.

Default limits: 1 MB memory · 500 ms wall-clock · no outbound requests.
Compliance

GDPR engine

DSR (data subject request) workflows, RoPA (record of processing activities), and breach notifications are structural — not procedural. Built into the access model, not bolted on afterward.

DSR auto-routing. RoPA generated from schema annotations.

Access control built in.
Not bolted on.

A complete platform for controlled production database access — from query execution and schema browsing to compliance export and script automation.

Database IDE

Multi-database browsing, without credentials.

Connect PostgreSQL, MySQL, MongoDB, and Redis. Browse table schemas, run queries, and paginate results — all through Scalple's policy engine. Credentials stay in the vault.

  • Expandable tree view — tables, collections, key views
  • Query execution with filter, sort, and pagination
  • Schema viewer with column types and nullability
  • Connection status with real-time health checks
DB Explorer mock: PostgreSQL "Analytics" connected · customers (10,000 rows, 5 ms) · columns ID, EMAIL, FIRST_NAME, LAST_NAME, CTR, SEGMENT
Access control

Field- and record-level permissions.

CASL-based enforcement on every query. Roles map to your IdP groups — Entra ID, Google Workspace, or any OIDC provider. Edit permissions in the UI, not config files.

  • Per-column field selection and per-row conditions on every query
  • Role hierarchy with IdP group synchronization
  • Entra ID, Google Workspace, and custom OIDC providers
  • Permission editor UI — no config files to manage
Example from the permission editor: the IdP group Developers maps to the role Developer, which carries 9 CASL abilities: view on servers_page, database_server, database, table, column and script; create, update and delete on script. Available actions: view, create, update, delete, manage, export.
Audit & compliance

Real-time audit log. INSERT-only, always.

Every access attempt is logged with actor attribution, query content, and result status. The schema exposes no UPDATE or DELETE path, not even to database administrators; an edit made outside the schema breaks the hash chain and is detected against the nightly WORM archive.

  • Real-time viewer with actor and query attribution
  • WORM cold archive — nightly export to immutable storage
  • Export as signed, timestamped PDF for auditors and regulators
  • Cryptographic chain — tampering is structurally detectable
Script automation

TypeScript scripts, sandboxed execution.

Write automation and reporting scripts in the Monaco editor with full TypeScript IntelliSense. Each script runs in a V8 Isolate with hard resource limits. Output files get signed download URLs.

  • Monaco editor with TypeScript IntelliSense
  • V8 Isolate sandbox — configurable memory and CPU limits
  • Real-time log streaming as scripts execute
  • Output file management with signed download URLs
Audit trail

Every query.
Immutably logged.

The audit log is not a feature that can be disabled. It is the only write path into the access record. The schema enforces INSERT-only semantics: no role, including the database administrator role, is granted UPDATE or DELETE on the table, and an administrator who bypasses the grants altogether cannot do so silently, because of the hash chain described below.

Cryptographic integrity
Each row contains a hash of the previous row. Gaps or modifications in the chain are detectable.
Regulator-exportable
Export the full trail as a signed, timestamped PDF for auditors, regulators, or legal proceedings.
GDPR DSR integration
Data subject rows in query results are automatically flagged and redacted where erasure is pending.
access_log (INSERT-only, live) columns: time · user · query · rows · status
How it works

From credentials to controlled access in four steps.

01

Connect your database

Point Scalple at your PostgreSQL, MySQL, or MongoDB instance. Credentials stay in Scalple's encrypted vault — they are never exposed to developers.

5-minute setup
02

Define access policies

Write policies in TypeScript. Specify which roles can query which tables, under what conditions, with what column-level redactions.

Policy-as-code
03

Developers request access

Engineers request scoped, time-limited sessions with a business justification. Approval workflows are optional but audited regardless.

Zero standing access
04

Every query is logged

The developer receives query results. Simultaneously, the full operation — actor, query text, result count — is appended to the immutable audit log. No log entry means no query execution.

INSERT-only audit
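Steps 02 to 04 above describe policy, scoped requests and logging before results are returned. The following TypeScript is an added illustration written for this page, not Scalple's policy API (the page does not show its shape): a minimal engine that confines a role to permitted columns and a row condition, intersects that condition with the caller's own filter so the scope can be narrowed but never widened, and records every call, including denials, before handing results back. The policy shape, role names and customer rows are assumptions constructed for the example; the find(table, filter, limit) call mirrors the db.find call in the page's script.

```typescript
// Added example: a minimal policy-as-code engine. Policy shape, roles and
// sample rows are assumptions; Scalple's real policy API is not shown here.

type Row = Record<string, unknown>;
type Condition = Record<string, unknown>; // column -> required value (equality)

interface TablePolicy {
  role: string;
  table: string;
  fields: string[];   // columns the role may see; every other column is dropped
  where?: Condition;  // row condition the role is confined to (optional)
}

interface AuditEntry {
  actor: string;
  role: string;
  table: string;
  filter: Condition;
  rows: number;
  status: "ok" | "denied";
}

function matches(row: Row, cond: Condition): boolean {
  for (const col of Object.keys(cond)) {
    if (row[col] !== cond[col]) return false;
  }
  return true;
}

class PolicyEngine {
  policies: TablePolicy[];
  tables: Record<string, Row[]>;
  audit: AuditEntry[] = [];

  constructor(policies: TablePolicy[], tables: Record<string, Row[]>) {
    this.policies = policies;
    this.tables = tables;
  }

  find(actor: string, role: string, table: string, filter: Condition = {}, limit?: number): Row[] {
    const policy = this.policies.find((p) => p.role === role && p.table === table);
    if (!policy) {
      // Denied operations are logged as well; the caller gets nothing.
      this.audit.push({ actor, role, table, filter, rows: 0, status: "denied" });
      throw new Error(`role ${role} has no view policy on ${table}`);
    }
    // Row scope: a row must satisfy both the policy condition and the caller's
    // filter, so the caller can narrow the scope but never widen it.
    const scope = policy.where ?? {};
    let visible = (this.tables[table] ?? []).filter(
      (r) => matches(r, scope) && matches(r, filter),
    );
    if (limit !== undefined) visible = visible.slice(0, limit);
    // Column scope: project to the permitted fields; others are absent, not blanked.
    const projected = visible.map((r) => {
      const out: Row = {};
      for (const f of policy.fields) if (f in r) out[f] = r[f];
      return out;
    });
    // Write the audit entry before returning results: no log entry, no result.
    this.audit.push({ actor, role, table, filter, rows: projected.length, status: "ok" });
    return projected;
  }
}

// Constructed sample data and policies.
function demoPolicy() {
  const customers: Row[] = [
    { id: 1, email: "ana@example.test", first_name: "Ana", last_name: "Kova", ctr: 0.12, segment: "at_risk" },
    { id: 2, email: "ben@example.test", first_name: "Ben", last_name: "Ruiz", ctr: 0.41, segment: "active" },
    { id: 3, email: "cleo@example.test", first_name: "Cleo", last_name: "Nys", ctr: 0.08, segment: "at_risk" },
  ];
  const policies: TablePolicy[] = [
    // analysts see at-risk customers only, and never the email column
    { role: "analyst", table: "customers", fields: ["id", "segment", "ctr"], where: { segment: "at_risk" } },
    { role: "developer", table: "customers", fields: ["id", "email", "first_name", "last_name", "ctr", "segment"] },
  ];
  const engine = new PolicyEngine(policies, { customers });

  const analyst = engine.find("alice", "analyst", "customers");
  const analystEscape = engine.find("alice", "analyst", "customers", { segment: "active" });
  const developer = engine.find("bob", "developer", "customers", {}, 25);
  let denied = false;
  try { engine.find("alice", "analyst", "orders"); } catch { denied = true; }
  return { analyst, analystEscape, developer, denied, audit: engine.audit };
}
```

Intersecting the policy condition with the caller's filter, rather than letting the caller's filter replace it, is the part that matters: a filter of `{ segment: 'active' }` from an analyst returns zero rows instead of rows outside the role's scope.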
Pricing

Start free. Scale when compliance demands it.

Annual licences paid upfront — aligned with EU enterprise budget cycles. All plans include self-hosted deployment. No per-seat pricing, no usage-based surprise invoices.

Community
Free
Self-hosted · no credit card

Full self-hosted deployment with core audit log and access controls. No usage limits on core features.

Ideal for

Early-stage startups, developers, and technical founders evaluating Scalple risk-free. Suited to teams under 15 people.

Deploy self-hosted
  • Full self-hosted deployment
  • Core audit log — not gated
  • Database access control
  • GDPR-aware access trail
  • Community support
  • No usage limits on core features
Up to 15 users
Professional · Most popular
€5,000
/ year · flat rate

Full compliance evidence, automated DSR processing, and priority support. Pass security reviews and satisfy auditors.

Ideal for

Series A scale-ups with 15–50 employees in fintech, healthtech, or SaaS that need to pass security reviews and respond to DSRs.

See it in action
  • Everything in Community
  • Full audit log with compliance export
  • Automated DSR processing
  • Role-based access and privilege management
  • GDPR & NIS2 compliance reporting
  • Priority email support
  • Onboarding assistance
  • Optional 2-year discount — 10% off
Up to 50 users
Enterprise · Launch offer
€15,000
/ year
Launch price: €10,000

DORA & NIS2 compliance module, air-gapped deployment, and a dedicated support SLA.

Ideal for

Series B/C fintechs and healthtech firms with 50–150 employees facing regulator scrutiny or enterprise procurement requirements.

Contact sales
  • Everything in Professional
  • DORA & NIS2 compliance module
  • Air-gapped / on-premise deployment
  • Dedicated support with SLA
  • Privilege escalation detection and alerting
  • Multi-team / multi-environment access management
  • Quarterly security review calls
  • Custom contract and invoicing
  • Multi-year discount — 10% off 2-year
Up to 150 users

All prices are annual licences paid upfront · Aligns with EU enterprise budget cycles (Q4/Q1 approval)

Security & compliance

Compliance is not a checkbox.
It is the architecture.

Regulatory requirements are encoded into access policy, not documentation. Your DPO can export evidence at any time.

Supported frameworks
GDPR
General Data Protection Regulation
Art. 28 DPA · DSR workflows · RoPA generation · breach notifications
HIPAA
Health Insurance Portability and Accountability Act
PHI access controls · audit requirements · BAA available
Security architecture
Zero trust access model
No implicit trust between services. Every access request is authenticated, authorized, and logged — regardless of origin.
Encryption in transit and at rest
All data in transit is encrypted with TLS 1.3. Data at rest uses AES-256-GCM. Keys are rotated quarterly.
EU-only data residency
Customer data never leaves EU jurisdiction. AWS is excluded by design. No sub-processors outside the EEA.
Incident response SLA
Critical security incidents: 2-hour response, 24-hour containment. Notification of the supervisory authority within 72 hours, as required by GDPR Art. 33.

We scope the proof of concept. Your team is live in one week.

No schema migrations, no agents on your database servers. We configure policies, integrate with your IdP, and validate the audit trail — your team is writing scoped queries within days.

See it in action · Use it for free

No vendor lock-in · Self-hosted option · EU contracts only