Security & Compliance
Security is foundational to SpecNavi. We protect your product requirements with enterprise-grade security, verified processes, and full audit trails.
Security Principles
Our security philosophy focuses on data protection, verified processes, and transparency. We never train AI models on customer data without explicit consent.
No Training on Customer Data
Your source documents and generated requirements are never used to train our AI models. Data isolation is guaranteed.
Verified Generation Only
All AI-generated content passes through verification and human approval before reaching your stakeholders.
Full Audit Trail
Every action is logged. Track who created, modified, or approved each requirement with complete lineage.
Human Approval Required
Critical gates ensure human review before any requirement is published or exported.
Data Protection
Encryption
TLS 1.3 for data in transit
All connections use HTTPS with modern encryption protocols
AES-256 for data at rest
Customer data encrypted when stored in our databases
Access Controls
Role-Based Access Control (RBAC)
Enterprise tiers control who can access, edit, and approve
Comprehensive audit logging
All user actions logged for compliance and security review
Infrastructure & Compliance
SOC 2 Type II Compliant Infrastructure
SpecNavi is hosted on Vercel, which maintains SOC 2 Type II compliance for its infrastructure. This covers data center security, access controls, change management, and environmental controls.
Penetration Testing
Contact for details: Security testing summary and remediation plans available for enterprise customers.
Additional Certifications
Contact for details: Information about additional compliance certifications and third-party audit reports.
For complete details on data collection, use, and protection practices, please review our Privacy Policy and Terms of Service.
Need Security Documentation?
Our security team is available to answer detailed questions, provide documentation for your procurement process, or complete your security questionnaire.