At Spherica, we take the security of your data seriously. Here's how we protect your organization's information.
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption via managed PostgreSQL on Railway.
Sign in securely with Google OAuth, Microsoft OAuth, or Magic Links. Sessions use HTTP-only signed cookies with a 7-day expiry.
Organization-scoped data isolation ensures tenants never see each other's data. Role-based access control and an external membership model provide fine-grained permissions.
Hosted on Railway in the US region with a managed PostgreSQL database and automated daily backups.
Full support for EU data subject rights including access, rectification, and deletion. A Data Processing Agreement (DPA) is available at /dpa. The Berlin Data Protection Authority serves as our supervisory authority.
Analytics are opt-in only via PostHog. No tracking occurs without your explicit consent.
Only aggregated and anonymized data is sent to OpenAI for analysis. No individual personally identifiable information is ever transmitted.
Found a vulnerability? Please report it to security@spherica.ai. We appreciate responsible disclosure and will respond promptly.
Our current certifications and upcoming compliance milestones.