Security at SpecOff

We take the security and privacy of your data seriously. Here's how we protect your information.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your notes, files, and personal information are protected at every step.

Secure Authentication

We use Google OAuth 2.0 for authentication, which means we never store your password. Sessions are managed securely with short-lived tokens and automatic expiration.

Infrastructure Security

SpecOff is hosted on Vercel and uses Supabase for data storage. Both providers maintain SOC 2 Type II compliance, ensuring enterprise-grade infrastructure security.

Access Controls

Row Level Security (RLS) ensures that users can only access their own data. All database queries are scoped to the authenticated user, preventing unauthorized access.

Regular Security Updates

We keep all dependencies up to date and regularly review our codebase for potential vulnerabilities. Security patches are applied promptly.

Responsible Disclosure

If you discover a security vulnerability, please report it to us at security@specoff.app. We take all reports seriously and will respond promptly.

Our Security Practices

Data Hosting

  • All data is stored in secure Supabase databases
  • Primary data centers located in the United States
  • Automatic backups with point-in-time recovery

Access & Authentication

  • OAuth 2.0 with Google for secure sign-in
  • No passwords stored in our systems
  • Automatic session expiration

Data Protection

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Database-level row security policies

Our Commitment to Security

SpecOff is built with security as a foundational principle. While we are not currently SOC 2 certified, we leverage infrastructure providers (Vercel and Supabase) that maintain SOC 2 Type II compliance.

We are continuously working to improve our security posture and are committed to implementing industry best practices. As we grow, we plan to pursue formal security certifications to provide additional assurance to our users.

If you have any questions about our security practices or would like to request additional information, please don't hesitate to reach out.