Security 🔐
As a data-centric company we know it's vital to be transparent about how your information is stored, accessed and managed.
Reporting Vulnerabilities
Please report any security vulnerabilities directly to us at [email protected]. We will work together with you to correctly identify the cause and implement a fix.It's Your Data, Not Ours
In short, we won't do anything sneaky with your data. We don't share, sell, mine or give away your data to third parties.
You don't even need to take our word for it - being open source means all our code is available to read on the Speckle Github repository.
Security Practices
Enterprise Speckle Servers (as well as our hosted offering, speckle.xyz) are deployed with end-to-end security:
- The Speckle Server uses https (TLS) to encrypt all incoming data from all clients.
- All data is stored in a managed PostgreSQL database cluster.
- The DB is only accessible from the Kubernetes cluster that runs your server and its other components.
- DB credentials are securely stored in a Kubernetes secret.
- SSL is always used to communicate with the DB.
- Data in the DB is encrypted at rest with LUKS.
- The DB will have a standby failover node, & PITR (point in time recovery).
Data FAQs
Does Speckle Comply With The GDPR? (EU Institutions)
We do, please see our Privacy Policy for more details.
Please Note: If you deploy your own Speckle server, it becomes your responsibility to ensure GDPR compliance.
Where Does Speckle's Data Live? Can you control where the data is stored?
For our hosted server (speckle.xyz) all data resides in the UK and is subject to UK legal jurisdiction.
For any specific data residency requirements, you can deploy your own Speckle server wherever you like and with the cloud provider of your choice.
🔑 Looking for a turn-key solution? Get in touch regarding our Enterprise Plan.
Does Speckle have Single-Sign-On SSO?
As part of our Enterprise plan, we are able to handle logins using your organisation's preferred authentication method. We support all major identity providers - Google, Microsoft, etc.
What Is The Server Uptime?
The speckle.xyz server sees 99.999% uptime.
Is Speckle Data Encrypted In-Transit?
Yes, the Speckle Server uses https (TLS) to encrypt all incoming data from all clients.
Did We Miss Anything?
Let us know if you'd like to know anything else, either tweet us (@specklesystems) or email us at [email protected].
