Security

Seckle is trusted by thousands of users worldwide. We are the data backbone for the AEC industry keeping data from small projects, to iconic projects and critical infrastructure secure.

We are continuously monitoring and improving our software to keep Speckle and your data secure. Additionally,  we undergo external audits regularly proving our commitment to security.

For our full SOC2 report please contact us.
Reporting Vulnerabilities

Please report any security vulnerabilities directly to us at security@speckle.systems. We will work together with you to correctly identify the cause and implement a fix.

Security Practices

All our hosted offering are deployed with end-to-end security:

  • TLS to encrypt all incoming data from all clients.
  • SSL is always used to communicate with the DB.
  • Data in the DB is encrypted at rest with LUKS.
  • The DB has a standby failover node, & PITR (point in time recovery).

Data FAQs

What are you doing with my data?

Short answer: you own your data and we don't touch  it, we don't mine or resell it. We only acces it if you ask us to debug an issue with your models.
Long answer: please check our terms, privacy policy and data processing agreement.

Does Speckle comply with the GDPR? (EU Institutions)

We do, please see our Privacy Policy for more details.

Please Note: If you deploy your own Speckle server, it becomes your responsibility to ensure GDPR compliance.

Can other users access my data on app.speckle.systems?

No, the data is only available to you and the users you decide to share it with. If you want to put additional safeguards in place to control who a colleague shares data with, test Workspaces! Workspaces provide advanced permissions and security controls, such as SSO.

Where is my data hosted?

Currently, your data is stored in the UK by default. We are working on dynamically adjusting the data location to optimize for latency. Our Workspace Business plan offers you to set a data region of your choice.

Does Speckle have Single-Sign-On SSO?

Yes, as part of our Business plan, we are able to handle logins using your organisation's preferred authentication method. We support all major identity providers - Google, Microsoft, etc.

What is the server uptime?

You can find out more about our server uptime here.

Is Speckle data encrypted In-Transit?

Yes, the Speckle Server uses https (TLS) to encrypt all incoming data from all clients.

Did we miss anything?

Let us know if you'd like to know anything else, just email us at office@speckle.systems.