Skip to content
Spekir

Designed for CISO approval

Spekir Atlas is built so security approval becomes the easiest part of the implementation, not the hardest.

Clear data boundaries

Each workspace is schema-isolated in EU-hosted PostgreSQL. No cross-tenant queries, no shared connection pools. Your data never mingles with another customer's.

Verifiable controls

Every control is observable without asking us: TLS grades, audit logs, session lists, BYOK fingerprints. Eight specific tests a CISO can run in 30 minutes.

Customer-controlled AI

BYOK lets your workspace send AI requests through your own Anthropic tenant. Fail-closed by default: if your key is invalid, we do not silently fall back to our credentials.

Quick facts

Data residencyEU (Frankfurt) — Neon PostgreSQL, Vercel fra1/cdg1
Encryption at restAES-256 (Neon managed). BYOK on roadmap (Q3 2026)
Encryption in transitTLS 1.3 enforced. HSTS enabled
AuthenticationEmail + password, Google OAuth. SSO/SAML planned Q4 2026
SCIM provisioningPlanned Q4 2026
BYOK (customer keys)Anthropic provider supported now. Azure/Bedrock planned
Audit log retention12 months. Append-only, no delete from app code
Uptime target99.5% monthly. Status at status.spekir.com
Breach notification24h to affected workspace admins, 72h per GDPR Art. 33
Workspace isolationSeparate schema per workspace, ORM-layer + RLS policies

What you can verify yourself

  1. HTTPS everywhere — check TLS configuration via ssllabs.com/ssltest on spekir.com
  2. HSTS and security headers — verify with securityheaders.com
  3. EU data residency — request DPA and verify data processing location
  4. No cross-workspace data access — confirmed by penetration test report on request
  5. Audit log completeness — export your workspace audit log from Settings > Security
  6. User session list — view and revoke active sessions from your account settings
  7. BYOK key fingerprint — verify last 4 chars of SHA-256 match your key after adding
  8. Sub-processor changes — subscribe to RSS feed at /subprocessors/feed.xml

Documents

Security Architecture v1.0

Full technical architecture, data flows, controls, and incident response.

Coming soon

DPA Template

EU-compliant Data Processing Agreement template. Requires legal review before first signature.

Coming soon

Sub-processor List

Current list of all sub-processors with regions and functions.

View →

Incident Response Policy

Severity classification, response timelines, breach notification procedure.

Coming soon

CAIQ-Lite Self-assessment

Cloud Security Alliance questionnaire responses.

Coming soon

PDFs are being finalized. Contact security@spekir.com to receive documents before public availability.

Certifications roadmap

We are pre-certification. We say this openly because honesty about our maturity level is more valuable than a roadmap badge.

SOC 2 Type I

Q3 2026

Preparation in progress

Controls documented. Readiness assessment underway with auditor.

SOC 2 Type II

Q1 2027

On roadmap

12-month observation period starts after Type I.

ISO 27001

Q3 2027

On roadmap

ISMS gap analysis planned after SOC 2 Type I milestone.

Contact

Security: security@spekir.com

Privacy / DPA: privacy@spekir.com

Status page: status.spekir.com

Ready to get started?

Try Atlas →Book a security review