Trust Center

Security at Sprintra

Your project data is sacred. We built Sprintra with a local-first architecture and enterprise-grade security so you never have to choose between productivity and protection.

Data Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • Database-level encryption via managed infrastructure
  • API tokens stored as SHA-256 hashes — plaintext shown only at creation
  • Local-first mode: your data never leaves your machine

Infrastructure

  • SOC 2 Type II certified cloud infrastructure
  • Zero-downtime deployments with canary rollout strategy
  • WAL-mode SQLite for local deployments with automatic backups
  • PostgreSQL with managed hosting for cloud deployments
  • Container isolation between tenants in multi-tenant mode

Compliance

  • GDPR compliant: data residency controls, right to erasure, data portability
  • EU AI Act readiness: session replay, decision audit trails, AI agent controls
  • SOC 2 Type II certification on our roadmap
  • Self-hosted option for organizations with strict compliance requirements
  • Org-level data isolation with per-token scoping

Privacy

  • We never access, read, or train on your project data
  • Self-hosted option gives you complete data sovereignty
  • No third-party tracking on the authenticated dashboard
  • Data export available in standard formats (JSON, CSV)
  • Your data belongs to you — delete your account and all data is removed

Incident Response

  • Dedicated security contact: security@sprintra.io
  • Automated monitoring and health checks across all infrastructure
  • Real-time error tracking and anomaly detection via Sentry
  • Graceful shutdown and connection draining during deployments
  • Activity logging and audit trail for all MCP tool operations

Access Control

  • Role-based access control (RBAC) with custom role definitions
  • SAML/SCIM SSO for enterprise single sign-on
  • Fine-grained personal access tokens with org and project scoping
  • AI agent trust levels (0-3) with configurable write budgets
  • Full audit log of all authentication and authorization events

Questions about security?

Our team is happy to discuss security requirements, provide compliance documentation, or set up a self-hosted evaluation.

Contact Security Team Enterprise plans