Compliance

This page outlines Spekra's security practices and compliance posture.

Current Status

Spekra is an early-stage, free tool. We don't currently hold formal certifications like SOC 2, but we follow security best practices.

Security-first approach

While we don't have enterprise certifications yet, we've built Spekra with security in mind from day one. Your test data is protected with industry-standard encryption and access controls.

What We Do

Data Protection

Encryption in transit: All data encrypted via TLS 1.3
Encryption at rest: All stored data encrypted
Access control: Role-based access within organizations
API key security: Keys are hashed, never stored in plain text

Privacy Practices

Minimal data collection: We only collect what's needed for the service
No data selling: We never sell your data to third parties
Data deletion: You can delete your data at any time
Transparency: See our Data Handling page for exactly what we collect

Infrastructure

Cloud hosting: Hosted on Vercel and Supabase
Database: PostgreSQL with row-level security
Monitoring: Error tracking and uptime monitoring

We follow GDPR principles:

Principle	How We Comply
Data minimization	Collect only necessary test data
Purpose limitation	Data used only for test observability
Storage limitation	Automatic deletion per retention policy
Right to access	Export your data anytime
Right to deletion	Delete your account and all data

What We Don't Have (Yet)

Being transparent about our current limitations:

SOC 2: Not certified (expensive for a free tool)
HIPAA/BAA: Not available
FedRAMP: Not available
Penetration testing: Not formally conducted
Bug bounty program: Not available

For Enterprise Needs

If your organization requires formal compliance certifications, Spekra may not be the right fit today. We recommend:

Evaluating whether your test data contains sensitive information
Using Spekra for non-production test environments
Waiting until we grow and can invest in certifications

Reporting Security Issues

If you discover a security vulnerability:

Do not disclose it publicly
Open a private security advisory on GitHub
We'll review and respond as quickly as possible

Current Status

Spekra is an early-stage, free tool. We don't currently hold formal certifications like SOC 2, but we follow security best practices.

Security-first approach

While we don't have enterprise certifications yet, we've built Spekra with security in mind from day one. Your test data is protected with industry-standard encryption and access controls.

What We Do

Data Protection

Encryption in transit: All data encrypted via TLS 1.3

Encryption at rest: All stored data encrypted

Access control: Role-based access within organizations

API key security: Keys are hashed, never stored in plain text

Privacy Practices

Minimal data collection: We only collect what's needed for the service

No data selling: We never sell your data to third parties

Data deletion: You can delete your data at any time

Transparency: See our Data Handling page for exactly what we collect

Infrastructure

Cloud hosting: Hosted on Vercel and Supabase

Database: PostgreSQL with row-level security

Monitoring: Error tracking and uptime monitoring

Principle

How We Comply

Data minimization

Collect only necessary test data

Purpose limitation

Data used only for test observability

Storage limitation

Automatic deletion per retention policy

Right to access

Export your data anytime

Right to deletion

Delete your account and all data