TRUST CENTRE
Security you can rely on
Spectr is built with security-first engineering. Here's exactly how we protect your data, your code, and your team.
Data encryption
- All data encrypted at rest using AES-256
- TLS 1.3 in transit for all API and dashboard traffic
- API keys hashed with bcrypt — never stored in plaintext
- Database credentials rotated on every deployment
Access control
- SSO via SAML 2.0 and OIDC (Enterprise)
- SCIM provisioning for automated user lifecycle
- Role-based access: Owner, Admin, Member, Viewer
- Session tokens expire after 8 hours of inactivity
Infrastructure
- Hosted on Railway with automated failover
- PostgreSQL with daily encrypted backups (30-day retention)
- Containerised workloads — no shared compute between tenants
- 99.9% uptime SLA for Enterprise plans
Compliance
- GDPR — data processing agreements available on request
- SOC 2 Type II audit in progress (expected Q3 2026)
- CCPA — California residents can request data deletion
- Data residency options available for Enterprise
LLM data handling
- Your code and test prompts are never used to train models
- Claude API calls are zero-retention (Anthropic policy)
- No test code stored on third-party LLM provider infrastructure
- Eval pipeline runs inside your own environment on Enterprise
Incident response
- On-call rotation with 15-minute response SLA for P0 incidents
- Status page at status.spectrtechnology.com
- Customers notified within 72 hours of any data breach
- Post-mortems published for all Severity 1 incidents
Report a vulnerability
Found a security issue? Please disclose responsibly.