---
title: "Data security & retention"
description: "How the Spectra platform protects, isolates, retains, and recovers your data."
icon: "shield-halved"
---

> **For AI agents:** the complete documentation index is at [llms.txt](/llms.txt). Append `.md` to any page URL for its markdown version.

This overview describes how the Spectra platform protects, isolates, retains, and recovers your
data. It reflects how the system is actually built and deployed.

## Organization isolation

Your data is logically isolated per organization and enforced at the data layer, not just in
application code:

- Every request is authenticated and bound to your organization (via your API key's identity);
  all data access is automatically scoped to that organization.
- Stored records are partitioned by a composite organization identifier, so queries cannot reach
  another organization's data — cross-organization access is structurally impossible, not merely
  filtered.
- Time-series telemetry is stored in a dedicated per-organization database with its own access
  credentials, providing a hard boundary between organizations' measurement data.

## Network security

- Application workloads run in private network segments with no direct inbound internet access.
  They are reachable only through managed, internet-facing load balancers.
- All public endpoints sit behind a Web Application Firewall (WAF) using managed rule sets to
  filter common web exploits.
- Internal access to supporting services (secrets, queues, container registry) is routed over
  private network endpoints, and access policies require requests to originate from inside the
  private network and use secure transport.
- Infrastructure spans multiple regions with private connectivity between them.

## Encryption

- **In transit:** All API traffic is served over HTTPS/TLS with managed certificates. Internal
  service-to-service communication occurs over encrypted channels within the private network,
  with policies that enforce secure transport.
- **At rest:** All stored data — operational records, configuration, audit logs, and message
  queues — is encrypted at rest using AES-256 via managed encryption keys. Time-series telemetry
  is stored on a managed database service with encryption at rest enabled.

## Authentication & access control

- Access to the Enterprise API is via scoped API keys. Each key carries resource-scoped
  permissions (read or write actions limited to specific resource types), so a key can perform
  only the actions it was issued for and nothing beyond them.
- API requests are subject to per-organization rate limiting to protect availability. See
  [Rate limits](/platform/rate-limits).
- Cloud infrastructure access follows least-privilege access-management roles, with sensitive
  operations restricted to private-network origins.
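The two mechanisms above (organization bound to the key's identity with records keyed by a composite organization identifier, and read/write permissions per resource type) combine into one request pipeline. The following is an added illustrative model, not Spectra's code: the key strings, organization IDs, scope names and the in-memory store are all constructed for the example.

```python
"""Organization isolation and resource-scoped API keys, as an illustrative model.

Added example, not Spectra's code. It shows the pattern described on this page:
the organization is derived from the authenticated key (never from the request),
records are addressed only by a composite (org_id, resource_type, record_id) key,
and each key carries read/write permissions per resource type. Key strings,
organization IDs and scope names are constructed for the example.
"""
from dataclasses import dataclass
import hashlib
import hmac


@dataclass(frozen=True)
class ApiKeyIdentity:
    org_id: str
    scopes: frozenset  # scope names of the form "<resource_type>:<action>"


def key_fingerprint(raw_key: str) -> str:
    """Only a digest of the key is held server-side; the raw key is never stored."""
    return hashlib.sha256(raw_key.encode()).hexdigest()


# Constructed key table: digest -> identity. Two organizations, two keys.
KEY_TABLE = {
    key_fingerprint("spk_orgA_rw"): ApiKeyIdentity(
        "org_a", frozenset({"things:read", "things:write", "sites:read"})),
    key_fingerprint("spk_orgB_ro"): ApiKeyIdentity(
        "org_b", frozenset({"things:read"})),
}


def authenticate(raw_key: str):
    """Return the identity bound to the key, or None. Digests are compared in constant time."""
    fp = key_fingerprint(raw_key)
    for stored_fp, identity in KEY_TABLE.items():
        if hmac.compare_digest(stored_fp, fp):
            return identity
    return None


class PartitionedStore:
    """Every row lives under a composite organization key. There is no lookup
    path that takes a bare record_id, so a query can only ever reach the
    caller's own partition."""

    def __init__(self):
        self._rows = {}

    def put(self, org_id, resource_type, record_id, body):
        self._rows[(org_id, resource_type, record_id)] = body

    def get(self, org_id, resource_type, record_id):
        return self._rows.get((org_id, resource_type, record_id))


STORE = PartitionedStore()

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def handle_request(raw_key, method, resource_type, record_id, body=None):
    """Minimal pipeline: authenticate -> authorize -> organization-scoped data access.
    Returns an HTTP-like response dict."""
    identity = authenticate(raw_key)
    if identity is None:
        return {"status": 401}

    action = "write" if method.upper() in WRITE_METHODS else "read"
    if f"{resource_type}:{action}" not in identity.scopes:
        return {"status": 403}

    # The partition comes from the key's identity. A record_id that belongs to
    # another organization simply does not exist in this partition, so it gets
    # the same 404 as an unknown id: nothing reveals that it exists elsewhere.
    if action == "write":
        STORE.put(identity.org_id, resource_type, record_id, body)
        return {"status": 200, "body": body}
    found = STORE.get(identity.org_id, resource_type, record_id)
    if found is None:
        return {"status": 404}
    return {"status": 200, "body": found}


if __name__ == "__main__":
    handle_request("spk_orgA_rw", "PUT", "things", "thing-1", {"name": "pump"})
    print(handle_request("spk_orgB_ro", "GET", "things", "thing-1"))  # cross-org: 404
```

Note that the handler never accepts an organization identifier from the caller; the only way to change partition is to present a different key, which is the property the page calls structural rather than filtered.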

## Secrets handling

- Integration credentials you provide (e.g., third-party API secrets) are stored in a dedicated
  managed secrets vault, encrypted, and access-restricted to private-network requests.
- These secrets are never returned through the API — they are write-only from the caller's
  perspective.
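A write-only secret is one that can be set, versioned and used on the caller's behalf, but whose value never appears in any API response, object representation or log line. The following added example (not Spectra's code) models that behaviour; the vault class, the keyed fingerprint, the 24-byte fingerprint key and all sample values are constructed for the illustration.

```python
"""Write-only integration secrets: settable and usable, never readable.

Added example, not Spectra's code. It models the behaviour described on this
page for caller-supplied credentials: the value can be stored and later used
by the platform, but no API response or log line carries it back. The vault
class, the keyed fingerprint and all sample values are constructed.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumed server-side key used only to derive a non-reversible fingerprint, so the
# fingerprint cannot be used to test guesses of a weak secret offline.
FINGERPRINT_KEY = b"constructed-vault-fingerprint-key"


class StoredSecret:
    __slots__ = ("org_id", "name", "version", "created_at", "fingerprint", "_value")

    def __init__(self, org_id, name, value, version, now):
        self.org_id = org_id
        self.name = name
        self.version = version
        self.created_at = now.isoformat()
        self.fingerprint = hmac.new(
            FINGERPRINT_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]
        self._value = value

    def __repr__(self):
        # Redacted so that accidental logging of the object cannot leak the value.
        return (f"StoredSecret(org_id={self.org_id!r}, name={self.name!r}, "
                f"version={self.version}, fingerprint={self.fingerprint!r})")

    def metadata(self):
        """The only representation that crosses the API boundary."""
        return {"org_id": self.org_id, "name": self.name, "version": self.version,
                "created_at": self.created_at, "fingerprint": self.fingerprint}


class SecretVault:
    def __init__(self):
        self._secrets = {}  # (org_id, name) -> StoredSecret

    def put(self, org_id, name, value, now=None):
        """Store or rotate a secret. Returns metadata only: write-only for the caller."""
        now = now or datetime.now(timezone.utc)
        prev = self._secrets.get((org_id, name))
        version = prev.version + 1 if prev else 1
        rec = StoredSecret(org_id, name, value, version, now)
        self._secrets[(org_id, name)] = rec
        return rec.metadata()

    def describe(self, org_id, name):
        rec = self._secrets.get((org_id, name))
        return rec.metadata() if rec else None

    def use(self, org_id, name, operation):
        """Run an operation with the secret inside the vault boundary and return
        only the operation's result, e.g. a signature for an outbound request."""
        rec = self._secrets.get((org_id, name))
        if rec is None:
            raise KeyError(name)
        return operation(rec._value)


def sign_outbound_request(secret, payload):
    """Example consumer: HMAC-SHA256 tag over a payload, as a third-party API might require."""
    return hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()


def response_leaks(api_response, value):
    """Leak check: does the serialized API response contain the raw value anywhere?"""
    return value in json.dumps(api_response)
```

The `response_leaks` check is the kind of assertion worth keeping in a test suite: it runs every API representation of a secret through the serializer and fails if the raw value ever appears, so a later "convenience" field cannot quietly turn a write-only secret into a readable one.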

## Backups, recovery & resilience

- All operational datastores have point-in-time recovery (continuous backups) enabled, allowing
  restoration to any moment within the prior 35 days.
- Operational data is replicated across multiple regions for durability and availability.
- Datastores have deletion protection and retention safeguards enabled so data cannot be
  inadvertently destroyed by infrastructure changes.
- Audit and access-log storage is versioned and integrity-validated.

## Data retention & deletion

- Time-series telemetry is retained for a default of 365 days (1 year), configurable per
  organization.
- When you delete operational resources (e.g., things, sites, fleets), they are removed from
  active service promptly.
- Certain definition records (e.g., metric/thing-type definitions, templates) are soft-deleted —
  marked deleted and excluded from normal use while remaining recoverable/auditable.
- Transient and idempotency records auto-expire on a defined schedule.
- You control your data: you can create, update, and delete your organization's resources through
  the API at any time.
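The retention rules above (soft-deleted definitions that stay recoverable and auditable, telemetry purged after a per-organization window, and expiring idempotency records) are easiest to see with a concrete store and an explicit clock. The following is an added illustration, not Spectra's code: the 365-day default is the page's stated default, while the store classes, the 24-hour idempotency TTL, the clock origin and the sample organizations are assumptions made for the example.

```python
"""Retention and deletion semantics: soft-deleted definitions, per-organization
telemetry retention, and expiring idempotency records.

Added example, not Spectra's code. It illustrates the behaviours listed on this
page with constructed records and an explicit clock so the windows can be
exercised deterministically. The 365-day default is the page's stated default;
the store classes, the 24-hour idempotency TTL and the sample organizations are
assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

DEFAULT_TELEMETRY_RETENTION = timedelta(days=365)
IDEMPOTENCY_TTL = timedelta(hours=24)  # assumed; the page says only "a defined schedule"

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock origin


def at(days_after_t0):
    """Clock helper for the example: a timestamp some number of days after T0."""
    return T0 + timedelta(days=days_after_t0)


@dataclass
class Definition:
    org_id: str
    id: str
    body: dict
    deleted_at: Optional[datetime] = None


class DefinitionStore:
    """Soft delete: rows are marked, excluded from normal reads, kept for recovery and audit."""

    def __init__(self):
        self._rows = {}

    def put(self, org_id, id, body):
        self._rows[(org_id, id)] = Definition(org_id, id, body)

    def get(self, org_id, id):
        """Normal read path: a soft-deleted row is indistinguishable from a missing one."""
        row = self._rows.get((org_id, id))
        return None if row is None or row.deleted_at else row

    def soft_delete(self, org_id, id, now):
        row = self._rows.get((org_id, id))
        if row is None or row.deleted_at:
            return False
        row.deleted_at = now
        return True

    def restore(self, org_id, id):
        row = self._rows.get((org_id, id))
        if row is None or row.deleted_at is None:
            return False
        row.deleted_at = None
        return True

    def audit_list(self, org_id):
        """Audit view: everything in the partition, including soft-deleted rows."""
        return [r for (o, _), r in self._rows.items() if o == org_id]


class TelemetryStore:
    """Points are purged once older than the organization's retention window."""

    def __init__(self):
        self._points = []     # (org_id, timestamp, value)
        self._retention = {}  # org_id -> timedelta override of the default

    def set_retention_days(self, org_id, days):
        self._retention[org_id] = timedelta(days=days)

    def append(self, org_id, ts, value):
        self._points.append((org_id, ts, value))

    def purge(self, now):
        """Drop points older than their organization's window; returns how many were removed."""
        keep = []
        for org_id, ts, value in self._points:
            cutoff = now - self._retention.get(org_id, DEFAULT_TELEMETRY_RETENTION)
            if ts >= cutoff:
                keep.append((org_id, ts, value))
        removed = len(self._points) - len(keep)
        self._points = keep
        return removed

    def count(self, org_id):
        return sum(1 for o, _, _ in self._points if o == org_id)


class IdempotencyStore:
    """Idempotency keys map a request id to its stored response and expire automatically."""

    def __init__(self):
        self._entries = {}  # (org_id, key) -> (expires_at, response)

    def remember(self, org_id, key, response, now):
        self._entries[(org_id, key)] = (now + IDEMPOTENCY_TTL, response)

    def lookup(self, org_id, key, now):
        entry = self._entries.get((org_id, key))
        if entry is None:
            return None
        expires_at, response = entry
        if now >= expires_at:
            del self._entries[(org_id, key)]  # lazily expire on read
            return None
        return response
```

The point to take from `DefinitionStore` is that the normal `get` path filters soft-deleted rows by default and only the explicitly named audit path sees them; keeping the filter at the data layer rather than at each call site is what makes "excluded from normal use" hold across every consumer.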

## Auditing & monitoring

- Administrative and infrastructure activity is recorded in multi-region, integrity-validated
  audit logs.
- The platform is continuously monitored (metrics, logging, and alerting) for availability and
  operational health, with retained application logs.

## Compliance

<Note>
Customers can request access to our Trust Center to obtain our SOC 2 Type 1 and Type 2 reports
and ISO 27001 documentation. Contact your account team to get started.
</Note>

## Shared responsibility

The platform secures the infrastructure, isolation, encryption, and availability described above.
You are responsible for safeguarding your API keys, scoping them to least privilege, rotating
them as needed, and managing the data you submit. To request higher rate limits, custom retention
windows, or security/compliance documentation, contact your account team.
