Security isn't a feature - it's the foundation. DataSpec is built with enterprise-grade security at every layer.
AES-256 encryption at rest, TLS 1.3 in transit. API keys are hashed, OAuth tokens encrypted. Your data is protected at every layer.
Choose where your data lives. Regional hosting options available in Australia, the United States, and the European Union.
Role-based access control with full audit logging. Every read, write, and sync event is tracked and attributable.
Logical isolation with strict tenant boundaries. Data is separated at every level - no cross-tenant leakage, ever.
All integrations use OAuth - we never store your passwords. Connections are revocable at any time from your dashboard.
Every query result shows its source system and last sync time. Full transparency into where your data came from and how fresh it is.
| Standard | Status | Expected |
|---|---|---|
| SOC 2 Type II | In Progress | Q4 2026 |
| GDPR | Compliant | — |
| Australian Privacy Act | Compliant | — |
| ISO 27001 | Planned | 2027 |
We welcome security researchers. If you discover a vulnerability, contact security@dataspec.io. We commit to acknowledging reports within 48 hours.
Our team is happy to discuss security requirements in detail.