Documentation
Security Overview
Comprehensive details on how Specteron protects customer data, enforces tenant isolation, and operates a secure production environment.
Architecture & Tenant Isolation
Specteron is a multi-tenant SaaS platform hosted on enterprise-grade cloud infrastructure. Customer data remains logically separated at the database and application layers through strict tenant scoping.
- Strict Logical Isolation: Every API request is validated against the authenticated workspace scope. Cross-tenant access is blocked by application logic and authorization checks.
- Vector Database Segregation: Knowledge data is embedded and stored in isolated namespaces so retrieval only runs against the customer context authorized for that token.
- Zero LLM Training Policy: Specteron uses enterprise AI agreements where customer payloads are not used to train provider foundation models. Zero-retention modes are applied where available.
Encryption & Secrets Management
The platform applies defense-in-depth controls and standard encryption protocols across network traffic, storage, and secret handling.
- Encryption in Transit: Traffic between clients, Specteron services, and approved subprocessors is encrypted with TLS 1.3 and modern cipher suites.
- Encryption at Rest: Databases, object storage, and backups use AES-256 or equivalent cloud-native encryption controls at rest.
- Secret Management: API keys, environment secrets, and database credentials are kept out of source code and injected through managed key or vault systems.
Identity & Access Control
Access to customer data is governed by least-privilege principles across support, engineering, and infrastructure operations.
- Customer Access (RBAC): Workspace owners can assign scoped roles to limit access to inbox, billing, knowledge, and operational settings.
- Internal Staff Access: Production access is restricted, time-bound, and audited. It is granted only when required for a specific support or reliability task.
- Multi-Factor Authentication: Employee access to production systems requires strong authentication controls, including MFA on privileged environments.
Secure Development Lifecycle (SDLC)
Security is built into development and release workflows so defects are caught before they reach production.
- Automated Scanning: CI pipelines run dependency and code scanning to surface known vulnerabilities and risky changes early.
- Peer Review Requirement: Code changes require review and passing automated checks before release.
- Independent Testing: Third-party penetration testing and external review supplement internal controls and release discipline.