Security is not a feature. It's the foundation.
SpecForge is built on AWS with security-first principles. Your compliance data deserves compliance-grade protection.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your regulatory documents and generated specifications are encrypted before storage.
Infrastructure
SpecForge runs entirely on AWS infrastructure. We use Lambda for serverless processing, DynamoDB for spec storage, and S3 for document hosting. All services are configured per AWS security best practices.
Access Control
Role-based access control (RBAC) ensures team members only access what they need. Multi-factor authentication (MFA) is available for all accounts. API keys are scoped and rotatable.
Compliance
We are working toward SOC 2 Type II certification. Our security practices follow NIST 800-53 and CIS AWS Foundations Benchmark guidelines.
Data Residency
Your data stays in the AWS region you select. We do not transfer data across regions without explicit consent. EU customers can choose EU-based regions for GDPR compliance.
Incident Response
We maintain an incident response plan with defined escalation paths. Security incidents are acknowledged within 4 hours and resolved within 24 hours. Affected customers are notified within 72 hours.
Architecture Overview
Browser / IDE Plugin → Lambda + Auth → DynamoDB + S3 + Bedrock
For security inquiries or to request our SOC 2 report, contact security@specforge.io