Security is not a slide — it's how the product behaves
Spendda is built for organizations that get audited. Below is how we think about protection in the product today; your security team can extend this with SSO, VPC, and DPA as you move to production.
Trust signals
- TLS 1.2+: data in transit
- Tenant isolation: per-client workspaces
- Backups: daily snapshots (Enterprise)
- SOC 2: Type II, on the roadmap
Encryption
TLS 1.2+ protects data in transit. Sensitive configuration and profile payloads that travel in cookies use hardened cookie settings (the Secure, HttpOnly and SameSite attributes are the usual meaning of this pattern; confirm the exact attributes set on your deployment during onboarding). The same pattern is used in the pilot and carried into production hardening. Encryption at rest for production data is covered under Backups & recovery and, for customer-managed keys, under Enterprise hardening.
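A check a security reviewer can run against the product's actual Set-Cookie headers, as an added example (not Spendda's code). The header strings are constructed samples, and the list of required attributes (Secure, HttpOnly, SameSite=Lax/Strict, plus the __Host- prefix rules) is an assumption about what "hardened cookie patterns" means here, not something the page states:

```python
"""Audit Set-Cookie headers for session-cookie hardening attributes.

Added example, not Spendda's code. Sample headers below are constructed.
The attribute expectations are the reviewer's assumption of what a hardened
cookie looks like (Secure, HttpOnly, SameSite, __Host- prefix rules).
"""
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Parse one Set-Cookie header into {'name', 'value', <attr lowercased>: <attr value>}.

    Attribute names are case-insensitive per RFC 6265, so they are lowercased;
    flag attributes such as Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_set_cookie(header: str) -> List[str]:
    """Return the hardening problems found in one Set-Cookie header (empty list = pass)."""
    c = parse_set_cookie(header)
    findings: List[str] = []
    if "secure" not in c:
        findings.append("missing Secure: cookie may be sent over plaintext HTTP")
    if "httponly" not in c:
        findings.append("missing HttpOnly: readable by page scripts, so XSS becomes session theft")
    if c.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie rides along on cross-site requests (CSRF)")
    if c["name"].startswith("__Host-"):
        # Browsers only accept __Host- cookies with Secure, Path=/ and no Domain attribute.
        if "secure" not in c or c.get("path") != "/" or "domain" in c:
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain attribute")
    return findings


def build_set_cookie(name: str, value: str, max_age: int = 3600, samesite: str = "Lax") -> str:
    """Emit a Set-Cookie header that passes audit_set_cookie()."""
    attrs = [f"{name}={value}", f"Max-Age={max_age}", "Path=/", "Secure", "HttpOnly", f"SameSite={samesite}"]
    return "; ".join(attrs)


# Constructed sample headers: one as a framework might emit by default, one hardened.
WEAK_HEADER = "sid=abc123; Path=/"
HARDENED_HEADER = build_set_cookie("__Host-sid", "abc123")

if __name__ == "__main__":
    for label, hdr in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, audit_set_cookie(hdr) or "ok")
```

Run it against the headers captured from a pilot login (browser dev tools or `curl -i`), one header per call; anything it lists is a question for the onboarding security review.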
Role-based access
Product navigation and surfaces adapt to finance, audit, executive, and analyst personas, reducing accidental exposure in shared tenants. Persona-aware navigation limits what a user sees; during onboarding, confirm that the same role checks are enforced on the server side for every API the surfaces call, since a hidden screen is not an access control.
Audit logs
Intelligence and export flows emit events suitable for governance reviews. In the pilot these are client-side events plus server-side events where enabled; confirm which are enabled for your workspace, because client-side events alone can be suppressed by the user and should not be the only record of an export.
Tenant isolation
Workspace data, uploads, and AI context are keyed to the tenant bound to the session, so demo workspaces sharing one deployment do not leak across customers.
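What "keyed to tenant sessions" has to mean in code, as an added example that is not Spendda's implementation: the tenant identifier comes from the authenticated session, never from the request, and every lookup is scoped by it. The in-memory store, tenant names and upload ids are constructed sample data; the unscoped lookup is shown as the failure mode to test for (a guessed id from another tenant).

```python
"""Tenant-scoped lookups: reads are keyed by the tenant bound to the session.

Added example, not Spendda's code. Store, tenants and ids are constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Session:
    user: str
    tenant_id: str  # bound at login; never read from a URL, header or body


@dataclass(frozen=True)
class Upload:
    upload_id: str
    tenant_id: str
    filename: str


# Constructed sample data: two tenants with deliberately guessable global ids.
UPLOADS: Dict[str, Upload] = {
    "u-1001": Upload("u-1001", "acme", "acme-ledger-q1.csv"),
    "u-1002": Upload("u-1002", "globex", "globex-payroll.csv"),
}


def get_upload_unscoped(upload_id: str) -> Optional[Upload]:
    """The failure mode: lookup by id alone. Any authenticated user who guesses
    another tenant's id gets the record (an IDOR across tenants)."""
    return UPLOADS.get(upload_id)


def get_upload(session: Session, upload_id: str) -> Optional[Upload]:
    """Tenant-scoped lookup. The effective key is (tenant_id, upload_id), so a
    foreign id looks exactly like a missing one: no cross-tenant existence oracle."""
    rec = UPLOADS.get(upload_id)
    if rec is None or rec.tenant_id != session.tenant_id:
        return None
    return rec


def ai_context(session: Session) -> List[str]:
    """The document set an assistant may see for this session: filtered by the
    session's tenant, never the whole store."""
    return [u.filename for u in UPLOADS.values() if u.tenant_id == session.tenant_id]


if __name__ == "__main__":
    alice = Session("alice", "acme")
    print("unscoped:", get_upload_unscoped("u-1002"))   # leaks globex record
    print("scoped:  ", get_upload(alice, "u-1002"))      # None
    print("context: ", ai_context(alice))
```

The pilot acceptance test that follows from this is simple: from a workspace in tenant A, request an upload id, export id and AI document that belong to tenant B, and expect a not-found rather than a permission error or the record.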
Backups & recovery
Enterprise deployments target encrypted backups, tested restore drills, and documented RTO/RPO. Pilot tenants may use shorter retention; your contract defines what applies to production data.
Enterprise hardening
SOC 2 Type II on the roadmap, SSO (SAML/OIDC), optional VPC peering, and customer-managed keys — mapped during onboarding so the pilot workspace can graduate without replatforming.
Trust center & policies
The privacy summary, API documentation placeholders, SSO narrative, and compliance badges are collected in the Trust Center, so procurement can be sent a single link.