Spaciora

Security

Security and compliance: where we genuinely stand today

DPDPA-aligned and GDPR-aligned. India residency by default. SOC 2 and ISO 27001 are on our roadmap, not yet audited.

Compliance

Where we stand today

  • DPDPA 2023

    Aligned

    Product is built around the DPDPA principles — consent capture, DSAR portal, data-residency controls, and audit trails are in the platform today. Formal compliance attestation has not been undertaken.

  • GDPR / UK GDPR

    Aligned

    Lawful basis, processor obligations, and DSAR fulfilment are built into the product. A written Data Processing Agreement is available to customers who require one — request it from spacioraa@gmail.com. Formal compliance attestation has not been undertaken.

  • SOC 2 Type II

    Planned

    On our roadmap. No audit period has started; no controls report exists yet. We will not market a SOC 2 status until a real engagement is underway.

  • ISO 27001

    Planned

    On our roadmap. No ISMS audit is in progress. We will not market an ISO 27001 status until a Statement of Applicability is genuinely in place.

  • IGBC reporting

    Aligned

    ESG module supports IGBC scoring and PDF export aligned to certification submission templates.

Controls in the platform

What the product does today

Encryption in transit

TLS for all client and API traffic. Database connections from app to Postgres are encrypted.

Encryption at rest

Customer data is stored in a managed Postgres instance with at-rest encryption enabled by the database provider.

Role-based access

Every API call is authenticated and permission-checked through the require_permission decorator. Org boundaries are enforced at the query layer.

Audit trail

Administrative actions are recorded in an audit_log table — actor, action, resource, and before/after diff. Retention policy is configurable per deployment.
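
The following sketch illustrates the pattern the Role-based access and Audit trail paragraphs describe. It is an added example, not Spaciora's own code: the body of require_permission, the role map, the assets table, and the audit_log column layout are all assumptions made for illustration.

```python
import functools, json, sqlite3

# Constructed schema and sample rows (hypothetical; not the product's real tables).
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE assets(id INTEGER PRIMARY KEY, org_id TEXT, label TEXT);
CREATE TABLE audit_log(actor TEXT, action TEXT, resource TEXT, before TEXT, after TEXT);
INSERT INTO assets VALUES (1,'org_a','A-101'),(2,'org_b','B-201');
""")
# Hypothetical role-to-permission map.
ROLE_PERMISSIONS = {"admin": {"asset:read", "asset:update"}, "viewer": {"asset:read"}}

class Forbidden(Exception):
    pass

def require_permission(permission):
    """Reject the call unless the caller is authenticated and holds `permission`."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(user, *args, **kwargs):
            if user is None or permission not in ROLE_PERMISSIONS.get(user.get("role"), set()):
                raise Forbidden(permission)  # deny by default, including unknown roles
            return fn(user, *args, **kwargs)
        return inner
    return wrap

def get_asset(user, asset_id):
    # Org boundary at the query layer: org_id comes from the session, never the request.
    row = db.execute("SELECT id, label FROM assets WHERE id=? AND org_id=?",
                     (asset_id, user["org_id"])).fetchone()
    return None if row is None else {"id": row[0], "label": row[1]}

@require_permission("asset:read")
def read_asset(user, asset_id):
    return get_asset(user, asset_id)

@require_permission("asset:update")
def rename_asset(user, asset_id, label):
    before = get_asset(user, asset_id)
    if before is None:
        return None  # same answer for "missing" and "other org": no existence oracle
    db.execute("UPDATE assets SET label=? WHERE id=? AND org_id=?",
               (label, asset_id, user["org_id"]))
    after = get_asset(user, asset_id)
    # Audit row: actor, action, resource, and before/after snapshots.
    db.execute("INSERT INTO audit_log VALUES (?,?,?,?,?)",
               (user["id"], "asset:update", f"asset/{asset_id}",
                json.dumps(before), json.dumps(after)))
    return after
```

The permission check and the org filter are independent layers: a caller with the right permission still cannot read or modify another organisation's rows, and a cross-org write attempt leaves no audit row because nothing changed.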

Data residency

Where data lives today

India (Mumbai) is the default residency for customer data today. EU, US, and Middle East residency are on the roadmap — not yet deployed.

  • India (Mumbai)

    Default

    Primary residency for all customer data today.

  • European Union

    Planned

    EU-residency option is on the roadmap; not deployed today.

  • United States

    Planned

    US-residency option is on the roadmap; not deployed today.

  • Middle East

    Planned

    Middle East residency option is on the roadmap; not deployed today.

Coordinated disclosure

We welcome reports of security vulnerabilities. Please write to spacioraa@gmail.com with reproduction steps and your PGP key. We aim to acknowledge within one business day and validate within five.

We do not run a paid bug bounty yet — formal scope and rewards will be defined when we set one up.


Procurement questions

For procurement, data-protection, or security questions — including a written Data Processing Agreement — write to spacioraa@gmail.com and we will respond within one business day.
