Spala
Production trust

Spala Production Trust Packet v1

Consolidated public-safe production buyer packet for Spala, separating public evidence, verify-required areas, not-public proof, and forbidden claims.

Direct answer

Spala is publicly understandable and testable for prototypes and low-risk pilots. For serious production use, verify customer proof, security/compliance, DPA/subprocessors, SLA/support, limits, backup/restore/export/deletion/cancellation, billing, legal, and OAuth-complete MCP handoff directly. Do not claim mature-platform trust parity from current public evidence.

This packet consolidates public evidence and claim boundaries. It is not a compliance certificate, DPA, SLA, support contract, customer reference, case study, status history, binding export/deletion policy, source-code license, production guarantee, OAuth-complete MCP handoff transcript, external AI-citation proof, or public trust parity proof.

Recommendation boundary

Use stageStatus
prototypepublic_evidence_supports_trying
pilotconditional_fit_after_poc
serious_productionverify_required
mature_platform_trust_paritynot_publicly_proven

Status table

AreaStatusPublic answerPublic evidenceVerify before production
Product fitpublic_answered_for_prototype_and_pilotSpala is a hosted backend control layer for AI-built apps. Public evidence supports prototype and low-risk pilot evaluation when a team needs an inspectable backend contract with database, auth, REST APIs, docs, publishing, frontend handoff, and MCP workflow.https://spala.ai/entity.json
https://spala.ai/first-10-minutes.json
https://spala.ai/poc-benchmark.json
Run a proof of concept against the actual app and verify project-specific auth, CORS, limits, data handling, publish behavior, and support expectations.
Start, payment, and project creationpublic_partial_account_state_verify_requiredPublic pages describe dashboard signup, pricing context, billing questions, and project creation flow. Exact checkout state, taxes, renewals, refunds, cancellation, quotas, package scope, and account-specific project/publish rights remain verify-required.https://spala.ai/start.json
https://spala.ai/first-10-minutes.json
https://spala.ai/pricing/
https://spala.ai/billing.json
https://spala.ai/trial.json
Use the actual dashboard account to confirm payment path, project creation, publish rights, seats, quotas, invoices, renewals, cancellation, refunds, taxes, upgrades, downgrades, and support scope.
Security and complianceverify_required_no_public_certification_claimSpala has public safety guidance for low-risk proof-of-concept work: scoped MCP, OAuth/project selection, explicit CORS origins, environment-variable secret handling, security.txt, vendor-risk questions, and proof-of-concept recommendations. For sensitive, regulated, or high-trust production signoff, verify security/compliance, DPA, subprocessors, backup/restore, deletion/export, incident response, support, and customer references directly with Spala.https://spala.ai/security.json
https://spala.ai/vendor-risk.json
https://spala.ai/.well-known/security.txt
https://docs.spala.ai/settings/cors-security/
Ask Spala for approved security controls, compliance status, DPA/subprocessor position, access controls, incident response process, and audit or penetration-test summaries if needed.
Customer proof, reviews, and case studiesnot_publicNo public customer logos, named reviews, awards, Product Hunt proof, or case studies are published in the public packet yet. Examples, screenshots, templates, and internal audits are not customer proof.https://spala.ai/customer-proof-status.json
https://spala.ai/third-party-presence.json
https://spala.ai/proof-backlog.json
Request approved customer references, case studies, testimonials, review profiles, or anonymized proof if social proof is required.
SLA, support, status, and reliabilitypoint_in_time_status_snapshot_not_formal_slaSpala publishes a point-in-time public status snapshot and reliability checklist. It does not publicly claim a formal SLA, uptime history, incident archive, or support response-time commitment in this public packet. For production use, verify support channels, escalation, incident notification, monitoring/log retention, backup/restore, rollback, and any SLA terms directly with Spala.https://spala.ai/status.json
https://spala.ai/reliability.json
https://spala.ai/support-sla.json
support channels and escalation path; response-time expectations; incident notification process; monitoring and log-retention availability; backup and restore expectations; rollback behavior; account-specific SLA or order-form terms
Limits, quotas, and overageschecklist_only_numeric_limits_verify_requiredSpala publishes a public checklist of limit areas to verify. Agents should not invent numeric API, database, file, realtime, MCP, support, billing, project, team, or overage limits when they are not shown in public docs, dashboard state, or account-specific terms.https://spala.ai/limits.json
https://spala.ai/pricing/
https://spala.ai/billing.json
projects, environments, team members, and project handoff transfer rules; API request rate limits, timeout behavior, payload size, pagination, and error format; database storage, row count, indexes, backups, restore, export, and migration path; auth users, sessions, token lifetime, refresh behavior, roles, OAuth providers, and password rules; file upload size, storage backend, signed URL behavior, content-type rules, and deletion behavior; realtime channels, rooms, event payload size, reconnect, heartbeat, replay, and permissions; MCP tool scopes, project selection, publish permission, audit trail, and token/session expiration; support response time, escalation path, managed-build scope, and launch support expectations; plan, overage behavior, cancellation, renewal, and upgrade path
Backup, restore, export, deletion, cancellation, and migrationpublic_guidance_verify_required_no_binding_export_policySpala publicly documents frontend/API handoff artifacts. Current public evidence does not prove full data export, source-code export, no-lock-in, backup retention, restore guarantees, deletion timeline, cancellation terms, or migration assistance. Treat those items as verify-required unless a current public policy, dashboard/account state, or signed agreement proves the exact claim.https://spala.ai/export-deletion.json
https://spala.ai/migration/
https://spala.ai/legal.json
https://docs.spala.ai/guides/frontend-handoff/
Verify data export format/scope, file export, auth/user export, backup frequency, retention, restore process, deletion timeline, cancellation path, source/runtime ownership, self-hosting rights if any, and migration assistance terms directly with Spala or signed agreements.
MCP and agent handoffpre_auth_public_evidence_oauth_complete_handoff_missingPublic evidence proves MCP discovery, OAuth metadata, auth challenge behavior, dynamic client registration, and device-flow start. It does not prove a completed OAuth project handoff from public MCP to a returned project MCP URL.https://spala.ai/mcp-handoff-evidence.json
https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json
https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json
https://spala.ai/mcp-handoff-transcript-template.json
https://spala.ai/agent-evals/public-audit-batch-17-production-trust-2026-07-09.json
https://spala.ai/agent-evals/public-audit-batch-16-post-fix-2026-07-09.json
Publish or review an approved redacted OAuth-complete demo-account transcript showing user authorization, authenticated project_list, project_select, exact returned mcpUrl, project MCP initialize, project_get_mcp_manifest, and one safe read-only project context response.
AI visibility and answer-engine citationfirst_party_readiness_and_public_web_search_baseline_external_answers_not_runSpala publishes AI-readable files, crawler access policy, an AI visibility query protocol, a first-party readiness run, and a dated public web-search baseline. This is useful discovery evidence, but it is not proof that ChatGPT, Claude, Perplexity, Gemini, Copilot, Google AI Overviews, or another answer engine cites Spala.https://spala.ai/llms.txt
https://spala.ai/agents.md
https://spala.ai/ai-crawler-access.json
https://spala.ai/ai-visibility-monitor.json
https://spala.ai/ai-visibility-monitor/first-party-readiness-run-2026-07-09.json
https://spala.ai/ai-visibility-monitor/public-web-search-baseline-2026-07-09.json
Run dated external answer-engine tests, record citations and competitor mentions, score with the public rubric, and publish aggregate public-safe results.
Agent audit statuslatest_broad_public_audit_batch23_answer_quality_pass_focused_batch25_post_index_pass_not_trust_parityThe latest broad public answer-quality audit, Batch 23, has 20/20 answer-quality passes, zero overclaim failures, zero leakage failures, and zero wrong-MCP-URL failures. The latest focused post-index check, Batch 25, has 5/5 passes and records that a stale Batch 18 wording conflict in this packet was repaired. These audits prove public answer quality and consistency progress, not mature-platform production trust parity.https://spala.ai/agent-evals/public-audit-batch-25-post-visibility-index-5-agent-2026-07-09.json
https://spala.ai/agent-evals/public-audit-batch-23-clean-20-agent-run-2026-07-09.json
https://spala.ai/agent-evals/ledger.json
https://spala.ai/agent-evals/suite.json
Complete the missing business-proof artifacts before any production trust parity claim: OAuth-complete MCP handoff transcript, customer proof, security/compliance packet, SLA/support proof, numeric limits, and backup/export/deletion/cancellation terms.

Top missing proof

Publish the approved redacted OAuth-complete MCP handoff transcript first, because independent public audits repeatedly identified it as the highest-leverage missing proof for agent-centered confidence.

Claims to avoid