Security and Privacy
Your spec data stays yours.
No exceptions. No model training. No backdoors.
Pro Spec is purpose-built for construction environments where specification data, project scope, and submittal records are sensitive business assets. We treat them that way.
AES-256 Encryption
TLS 1.3 in Transit
US Data Residency
No Model Training
Role-Based Access
SOC 2 In Progress
Core Principles
Built around trust, not an afterthought
L
AES-256 Encryption at Rest
All project files, parsed spec data, and submittal records are encrypted at rest using AES-256. Keys are managed per-customer.
T
TLS 1.3 in Transit
Every request between your browser, our servers, and our processing pipeline uses TLS 1.3. No unencrypted channels anywhere.
X
No Model Training on Your Data
Your specifications and submittals are never used to train or fine-tune any AI model. Your data informs only your compliance runs.
A
Immutable Audit Trail
Every compliance run, decision, and override is logged with a timestamp and user ID. Audit logs are append-only and cannot be edited.
R
Role-Based Access Controls
Assign viewer, reviewer, and admin roles per project. Engineers only see what they need. No global access for field-level team members.
D
Data Retention Controls
You control how long your project data is stored. Export your full dataset at any time and request permanent deletion with written confirmation.
Data Flow
Where your data goes
When you upload a specification or submittal document, it follows a strict, auditable path. Nothing leaves that path without your explicit instruction.
All processing occurs within US-based infrastructure. We do not route data through third-party AI providers in ways that expose your documents. Embeddings are computed internally and stored only in your project namespace.
01
Upload
Document received over TLS 1.3, written to encrypted storage
02
Parse
Text extraction runs in an isolated container, no external calls
03
Embed
Embeddings computed internally, stored in your project namespace only
04
Results Stored
Findings and confidence scores saved to encrypted project database
05
Your Decision
You approve, reject, or flag. Nothing is acted on without a human decision
Compliance Posture
Where we stand today
AES-256
Encryption at Rest
TLS 1.3
In-Transit Security
US Only
Data Residency
SOC 2
Type II In Progress
SOC
SOC 2 Type II Certification in Progress
We are currently undergoing a formal SOC 2 Type II audit. Certification is targeted for completion in 2026. We share our controls documentation on request.
FAQ
Common security questions
Is my specification data used to train your AI models?
No. Your specification and submittal data is never used to train, fine-tune, or improve any AI model. It is used exclusively within your project namespace to perform compliance analysis on your behalf.
Where is my data stored?
All data is stored in US-based infrastructure. We do not replicate or cache your project data in other regions without your explicit consent.
Can your team access my project data?
Access by Pro Spec staff is limited to support scenarios with your explicit written consent. All such access is logged and available in your audit trail.
What happens when I cancel or delete a project?
When you delete a project or close your account, all associated data including documents, parsed specs, embeddings, and run history is permanently deleted within 30 days. You can request expedited deletion.
Do you support SSO or MFA?
Yes. Pro Spec supports SAML-based SSO for enterprise accounts and enforces MFA for all users by default. Role-based access controls are available at the project level.
Contact
Security questions? We answer them directly.
Every inquiry goes to the team that built the system. No ticket queues. No generic responses.
Contact Security Team
Request a Demo