Security

Our Security Commitment

Data security is at the heart of Spectalya. As a platform handling sensitive professional data (inspection reports, property photos, client information), we implement best practices to ensure the confidentiality, integrity and availability of your information.

Data Encryption

Authentication and Access

We apply strict access controls at all levels:

• Passwords: Hashed with bcrypt, never stored in plaintext
• JWT Tokens: Secure sessions with automatic expiration
• Data isolation: Each organisation can only access its own data
• Admin access: Limited to authorised personnel, with full audit logging

Infrastructure

Our infrastructure is designed for resilience and security:

• EU Hosting: Servers located in the European Union
• Backups: Automatic daily backups, encrypted and tested
• Monitoring: 24/7 system monitoring with real-time alerts
• Updates: Security patches applied within 48 hours

Secure Payments

We do not store any banking data. All payments are processed by Stripe, certified PCI DSS Level 1, the highest certification level in the payment industry.

Development Best Practices

Our development team follows OWASP recommendations:

• Systematic code review
• Protection against SQL injection and XSS
• Validation and sanitisation of all inputs
• Secure dependency management
• CSRF protection on all forms

Responsible Disclosure

If you discover a security vulnerability in Spectalya, we encourage you to report it responsibly to [email protected].

We commit to acknowledging receipt within 24 hours and treating every report with the utmost attention.