Back to home

Security

How SpectraPRO approaches platform security

Security controls are designed around explicit scope, tenant boundaries, role-aware access, protected credentials, traceable evidence, and observable provider health.

Last updated 14 July 2026

01

Control areas

Identity and authorization

Authenticated routes, tenant scoping, and admin, analyst, and viewer roles limit access to workspace operations.

Secrets and providers

Service credentials belong in managed environment or secret stores and must not be exposed to browser code or logs.

Evidence and operations

Audit events, health checks, controlled scan phases, and deployment gates support investigation and recovery.

02

Deployment and disclosure

Transport security

Production deployments should use a verified domain and TLS. The temporary staging IP endpoint is HTTP and must not receive sensitive credentials.

Responsible disclosure

Report suspected vulnerabilities privately to support@spectra.security with subject `Security:` and reproducible, sanitized evidence.

No unsafe proof

Do not access unrelated data, persist in systems, disrupt service, or publish an issue before a coordinated review.

Next step

Put the information into action.

Report a security issue