ServicesAssessmentsIndustriesSpectraAgent🧠 AI SOCPricingInsightsAboutContactStart Free Assessment
🔒 SpectraAI Vault

Your Infrastructure Data. Protected. Always.

We assess your most critical systems. That comes with a responsibility to protect what we learn. Here is exactly how we handle your data, and the commitments we make.

Security Pillars

How We Protect Your Data

🏠
Data Stays in India
All customer data, assessment reports, and diagnostic information is stored on servers physically located in India. No overseas routing, no data transfers to foreign jurisdictions. Fully DPDP Act 2023 compliant.
🔒
Zero Raw Data Storage
SpectraAgent processes infrastructure data locally on your server. Only the assessment report — findings, recommendations, risk scores — leaves your environment. We never store your raw configuration files, credentials, or sensitive system data.
🌐
Air-Gap Capable
For organisations that cannot allow any external connectivity, SpectraAgent's offline bundle mode collects an encrypted diagnostic package locally. It is transported on secure media and uploaded from a separate internet-connected machine.
🔐
Encryption Everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed. Session tokens are signed and time-limited. Database backups are encrypted before storage.
👁️
Full Audit Trail
Every SpectraAgent action is logged with timestamp, engineer identity, command executed, and outcome. Logs are immutable and available for customer review. Nothing happens without a record.
🚫
We Never Sell Your Data
Assessment findings, company details, and infrastructure information are never sold, shared with advertisers, or disclosed to third parties. We do not mine your data for any purpose other than delivering your assessment.

Our Specific Commitments

🔑
No Credential Storage
We never ask for or store your server passwords, SSH keys, or database credentials. SpectraAgent uses the session token for its own authentication — nothing else.
📁
Minimal Data Collection
We collect only what is necessary to deliver the assessment. No phone numbers (unless you provide one), no physical addresses beyond what is on your billing intimation.
🗑️
Data Deletion on Request
You can request deletion of all your assessment data at any time. We will confirm deletion within 14 working days. Email enquiry@spectraai.co.in with subject "Data Deletion Request".
👥
Staff Access Controls
Customer assessment data is accessible only to the assigned engagement team. All staff access is logged. Admin can see who accessed what and when from the management panel.
🔔
Breach Notification
In the event of any security incident affecting customer data, we will notify affected customers within 72 hours in compliance with CERT-In requirements, and within 72 hours of our own discovery.

Compliance Status

DPDP Act 2023
Compliant
CERT-In Requirements
Compliant
Data Localisation
India Only
TLS Encryption
TLS 1.3
ISO 27001
In Progress
SOC 2 Type II
Planned 2026
Security Questions?
We are happy to answer detailed security questions, provide our data processing agreement, or schedule a technical security review call before you start an engagement.
Email Security Team →
Data Processing Agreement

Need a Formal DPA?

For enterprise customers, regulated entities, and organisations that require a signed Data Processing Agreement before engaging — we provide a standard DPA that covers our obligations under DPDP Act 2023 and applicable data protection requirements.

Request DPA → Read Privacy Policy

Security You Can Verify

Start with a free assessment. Every step of our process is transparent, auditable, and reversible.

Start Free Assessment →