Spaciora

Security

Security and compliance you can show your auditor

DPDPA-compliant. GDPR-aligned. SOC 2 and ISO 27001 ready. India residency by default. Audit trail on every action — 7-year retention.

Compliance

Where we stand today

  • DPDPA 2023

    Compliant

    All 8 DPDPA principles observed across the product. Grievance Officer in place.

  • GDPR / UK GDPR

    Compliant

    DPA published; SCCs incorporated; DPO appointed; lawful basis documented.

  • SOC 2 Type II

    Ready · in progress

    Controls implemented; first audit period running. Report on request under NDA.

  • ISO 27001

    Ready · in progress

    ISMS implemented; surveillance audit scheduled. Statement of Applicability available on request.

  • NBC 2016

    Aligned

    Visitor and emergency flows aligned to NBC 2016 Annexure A.

  • IGBC reporting

    Aligned

    ESG module aligned to IGBC submission templates.

Defence in depth

The controls behind the platform

Encryption

AES-256 at rest. TLS 1.3 in transit. Cryptographic keys managed in a dedicated KMS with rotation policies.

Access

Multi-factor authentication for all admin access. Role-based access with least privilege. Quarterly access reviews.

Audit trail

Immutable, append-only audit logs on every administrative and security-sensitive action. 7-year default retention.

Vulnerability + pen-test

Continuous vulnerability scanning. Annual independent third-party penetration testing. Coordinated disclosure programme.

Incident response

Documented IR plan with 72-hour breach notification. BCP/DR plans exercised at least annually. RTO/RPO targets per service tier.

Vendor + sub-processors

Sub-processors disclosed, reviewed pre-onboarding, monitored. 14-day notice for new sub-processors.

Data residency

Choose where your data lives

India residency by default. EU, US, and Middle East residency available on Enterprise plans, with the appropriate transfer mechanism in place.

  • India (Mumbai)

    Default

    Primary residency by default; sub-hourly RPO.

  • European Union

    Available

    EU-residency option for GDPR customers; SCCs in place.

  • United States

    Enterprise

    US-residency option for Enterprise plans on request.

  • Middle East

    Enterprise

    ME-residency option for Enterprise plans on request.

Coordinated disclosure

We welcome reports of security vulnerabilities. Please write to security@spaciora.app with reproduction steps and your PGP key. We acknowledge within one business day, validate within five, and credit researchers in our security hall of fame on disclosure of the fix.

We do not run a paid bug bounty yet — formal scope and rewards arrive in v1.1.

Report a vulnerability

Trust artefacts on request

Enterprise customers under NDA can request the SOC 2 readiness report, ISO 27001 Statement of Applicability, the latest pen-test summary, the TOMS annex from our DPA, and the current sub-processor list. Drop a note to security@spaciora.app and we’ll reply within one business day.

Read our DPA

Trust starts with the audit pack.

Book a 30-minute security review with our team. Controls, residency, and the DPA — covered on the call.

14-day free trial · No credit card · Multi-region residency