Trust Center

Security at Sprintra

Your project data is sacred. We built Sprintra with a local-first architecture and enterprise-grade security so you never have to choose between productivity and protection.

Data Encryption

  • Hosted on Supabase, which encrypts data at rest with AES-256
  • Fly.io terminates TLS 1.3 at ingress for all api.sprintra.io traffic
  • API tokens stored as SHA-256 hashes — plaintext shown only at creation
  • Local-first mode: your data never leaves your machine

Infrastructure

  • Hosted on SOC 2 Type II audited providers: Supabase (Postgres), Fly.io (API), Vercel (web)
  • Zero-downtime deployments with canary rollout strategy
  • WAL-mode SQLite for local deployments with automatic backups
  • PostgreSQL with managed hosting for cloud deployments
  • Per-tenant org isolation enforced with Postgres row-level security (RLS) in cloud mode

Compliance

  • GDPR-aligned: data residency, right to erasure, and data portability supported via export and delete-account flows
  • EU AI Act readiness: session replay, decision audit trails, AI agent controls
  • SOC 2 Type II certification on our roadmap (not yet achieved)
  • Self-hosted option for organizations with strict compliance requirements
  • Org-level data isolation with per-token scoping

Privacy

  • We never access, read, or train on your project data
  • Self-hosted option gives you complete data sovereignty
  • No third-party tracking on the authenticated dashboard
  • Data export available in standard formats (JSON, CSV)
  • Your data belongs to you — delete your account and all data is removed

Incident Response

  • Dedicated security contact: security@sprintra.io
  • Automated monitoring and health checks across all infrastructure
  • Real-time error tracking and anomaly detection via Sentry
  • Graceful shutdown and connection draining during deployments
  • Activity logging and audit trail for all MCP tool operations

Access Control

  • Role-based access control (RBAC) with custom role definitions
  • SAML/SCIM support for enterprise single sign-on (SSO)
  • Fine-grained personal access tokens with org and project scoping
  • AI agent trust levels (0-3) with configurable write budgets
  • Full audit log of all authentication and authorization events

Questions about security?

Our team is happy to discuss security requirements, provide compliance documentation, or set up a self-hosted evaluation.