TRUST AND SECURITY
Trust and security at Spekir.
We take data protection, privacy and compliance as seriously as your architecture diagrams.
Our principles
Privacy by design
GDPR is a foundation, not a feature. Data minimisation, right to export and delete, and lawful basis are baked into every table and API.
Workspace isolation
Each customer workspace runs on its own isolated Neon DB branch. There is no shared database, no cross-workspace leakage, no multi-tenant risks.
Human in the loop
AI classifications are flagged with confidence scores and are editable and auditable at any time. No AI output is applied without human review.
Exportability
All data can be exported as CSV and JSON at any time. Your data is yours. No lock-in, no exit fees.
Compliance status
| Standard | Status | Detail |
|---|---|---|
| GDPR | Compliant since launch | Data minimisation, right to export and delete, lawful basis documented. |
| EU data residency | Live | Workspaces hosted on Neon EU region (Frankfurt). No data leaves the EU. |
| Workspace isolation | Live | Each workspace runs on an isolated Neon DB branch. No cross-workspace data access. |
| SOC 2 Type II | Not started | Planned when customer demand justifies the audit cost. We will state this openly rather than claim a roadmap badge. |
| ISO 27001 | Not planned at current stage | We will revisit when the business scale and customer requirements make it the right investment. |
Subprocessors
The following third parties process data on our behalf. We review subprocessors regularly and only use processors that meet our data protection requirements.
| Processor | Purpose | Region |
|---|---|---|
| Anthropic | AI language model inference | United States |
| Neon | PostgreSQL database hosting | EU (Frankfurt) |
| Vercel | Application hosting and CDN | EU region selected |
| | OAuth authentication provider | United States |
Need a full DPA? Contact us at hello@spekir.com and we will send you the agreement within two working days.