Security & Trust
Your business data deserves careful handling.
Specula is built for contractors who trust us with operating data. We protect that trust with clear data boundaries, secure authentication, careful secret handling, and honest communication about what is in place today.
Trust posture
Clear, practical, and improving with every release.
CSV imports are validated before they become dashboard metrics.
Uploaded data is attached to the signed-in user's organization.
Admins and owners control company-level workspace settings.
The platform focuses on operating metrics needed for analysis and avoids unnecessary sensitive details.
Workspace isolation
Customer metrics are scoped to an organization workspace, and app queries include the active organization boundary.
Secure authentication
Specula uses Supabase Auth for account sessions and avoids handling passwords directly in application code.
Encrypted connections
Production deployments use HTTPS so data is protected while moving between the browser and the app.
Secret handling
API keys and database credentials live in environment variables, not source files or public client code.
Security commitments
Clear promises, careful claims
We do not claim SOC 2, HIPAA, or other certifications until they are actually complete. The right promise is that customer data is treated as sensitive and security work is visible.
Production secrets are managed outside the public app and rotated when needed.
Database access controls and organization boundaries are reviewed as the service matures.
