SpikedAI Trust & Security

Effective Date: April 2026

SpikedAI is committed to protecting your revenue data. We build on enterprise-grade infrastructure and follow conservative data security principles to ensure your information remains yours.

Global Infrastructure

SpikedAI is built on world-class, multi-region cloud infrastructure. Our architecture is designed for high availability, logical isolation, and rapid scalability.

Google Cloud Platform (GCP)

Primary workloads are hosted in US-Central1 (Iowa) on Google Cloud Run, leveraging isolated VPC networking and Google's global perimeter defense.

Supabase Pro

Our database and authentication layers are managed by Supabase, providing enterprise-grade auth (JWT) and high-concurrency database clusters.

Automated Backups

Point-in-time recovery and daily database backups with 7-day retention are enabled for all production environments.

  • Hosting Location: US-Central1 (GCP)
  • Auth Method: JWT / Supabase Auth
  • Data Redundancy: Multi-Zone
  • Encryption Method: AES-256 / TLS 1.2+
  • Uptime Target: 99.9%

Data Protection & Encryption

We implement rigorous data protection controls to ensure that personal information and meeting data are encrypted and isolated.

Encryption

All customer data is encrypted in transit over public networks using TLS 1.2+ protocols. Data at rest is encrypted using provider-managed AES-256 keys on Google Cloud Storage and Supabase (PostgreSQL).

  • FIPS 140-2 compliant hardware
  • Perfect Forward Secrecy

Multi-Tenant Isolation

SpikedAI uses logical isolation to ensure your data is siloed. Every database record is scoped to your organization ID, with strict Row-Level Security (RLS) enforcement at the infrastructure layer.

  • No cross-tenant data leakage
  • Tenant-scoped Bearer JWTs

AI Security & Privacy Policy

We are committed to a transparent AI policy. SpikedAI leverages best-in-class generative models while maintaining strict boundaries on data usage.

"SpikedAI does NOT use customer data to train foundation models without explicit authorization."

Subprocessor Vetting

We partner with foundational providers including Stripe and Google. All AI subprocessors are vetted for security and data privacy commitments.

Grounding & RAG

To reduce hallucination and ensure accuracy, we use source-grounded retrieval-augmented generation (RAG) based strictly on your organization's context.

Human-in-the-Loop

All AI-generated revenue signals and transcripts are designed for human review and verification before being committed to your CRM.

Compliance Commitment

SpikedAI is maturing its security program in alignment with global standards. We rely on certified cloud providers and are working toward our own formal third-party audits.

Our Current Posture

SpikedAI is currently in the process of scaling internal controls toward SOC 2 Type II readiness. We follow common cloud security best practices (CSCC, OWASP) in our development lifecycle.

Inherited Controls

The underlying infrastructure (Google Cloud & Supabase) maintains rigorous certifications, including:

  • SOC 2 Type II / ISO 27001
  • HIPAA-Compliant Data Centers
  • PCI-DSS Level 1 Infrastructure

Data Processing Agreement (DPA)

SpikedAI provides a standard Data Processing Agreement (DPA) that includes Standard Contractual Clauses (SCCs) to ensure your data is protected across jurisdictions.

Contractual Safeguards

  • GDPR Article 28 Compliance
  • Data Breach Notification Commitment
  • International Transfer Safeguards

To request a copy of our DPA, please contact us at hello@spiked.ai.