Security & Trust Center

SpikedAI Trust & Security

SpikedAI is committed to protecting your revenue data. We build on enterprise-grade infrastructure and follow conservative data security principles to ensure your information remains yours.

Global Infrastructure

SpikedAI is built on world-class, multi-region cloud infrastructure. Our architecture is designed for high availability, logical isolation, and rapid scalability.

Google Cloud Platform (GCP)

Primary workloads are hosted in US-Central1 (Iowa) on Google Cloud Run, leveraging isolated VPC networking and Google's global perimeter defense.

Supabase Pro

Our database and authentication layers are managed by Supabase, providing enterprise-grade auth (JWT) and high-concurrency database clusters.

Automated Backups

Point-in-time recovery and daily database backups with 7-day retention are enabled for all production environments.

Quick Facts

  • Hosting Location: US-Central1 (GCP)
  • Auth Method: JWT / Supabase Auth
  • Data Redundancy: Multi-Zone
  • Encryption Method: AES-256 / TLS 1.2+
  • Uptime: Targeting 99.9%

Data Protection & Encryption

We implement rigorous data protection controls to ensure that personal information and meeting data are encrypted and isolated.

Encryption

All customer data is encrypted in transit over public networks using TLS 1.2+ protocols. Data at rest is encrypted using provider-managed AES-256 keys on Google Cloud Storage and Supabase (PostgreSQL).

  • FIPS 140-2 compliant hardware
  • Perfect Forward Secrecy

Multi-Tenant Isolation

SpikedAI uses logical isolation to ensure your data is siloed. Every database record is scoped to your organization ID, with strict Row-Level Security (RLS) enforcement at the infrastructure layer.

  • No cross-tenant data leakage
  • Tenant-scoped Bearer JWTs

AI Security & Privacy Policy

We are committed to a transparent AI policy. SpikedAI leverages best-in-class generative models while maintaining strict boundaries on data usage.

"SpikedAI does NOT use customer data to train foundation models without explicit authorization."

Subprocessor Vetting

We partner with foundational providers including Stripe and Google. All AI subprocessors are vetted for security and data privacy commitments.

Grounding & RAG

To reduce hallucination and ensure accuracy, we use source-grounded retrieval-augmented generation (RAG) based strictly on your organization's context.

Human-in-the-Loop

All AI-generated revenue signals and transcripts are designed for human review and verification before being committed to your CRM.

Compliance Commitment

SpikedAI is maturing its security program in alignment with global standards. We rely on certified cloud providers and are working toward our own formal third-party audits.

Our Current Posture

SpikedAI is currently in the process of scaling internal controls toward SOC 2 Type II readiness. We follow common cloud security best practices (CSCC, OWASP) in our development lifecycle.

  • Aligned with SOC 2
  • GDPR Ready

Inherited Controls

The underlying infrastructure (Google Cloud & Supabase) maintains rigorous certifications, including:

  • SOC 2 Type II / ISO 27001
  • HIPAA Compliant Data Centers
  • PCI-DSS Level 1 Infrastructure

Data Processing Agreement (DPA)

Contractual Safeguards

SpikedAI provides a standard Data Processing Agreement (DPA) which includes Standard Contractual Clauses (SCCs) to ensure your data is protected across jurisdictions.

  • GDPR Article 28 Compliance
  • Data Breach Notification Commitment
  • International Transfer Safeguards

Security Contact

Have specific security requirements or need a technical review? Our team is available directly.

Email: hello@spiked.ai