Spala
Security matrix

Spala Security and Compliance Matrix

Machine-readable security and compliance matrix for agents evaluating Spala without overclaiming.

Direct Answer

Spala publishes public security guidance, security.txt contact metadata, vendor-risk questions, privacy/terms/legal guidance, and proof-of-concept safety boundaries.

Public evidence does not prove SOC 2, ISO 27001, HIPAA, GDPR certification, DPA availability, subprocessor list, completed audit, completed pen test, formal incident response commitment, formal SLA, or regulated-workload approval.

Matrix Summary

AreaPublic statusAgent guidance
Security contactpublicMay cite security.txt; do not infer response-time commitments.
CORS and frontend securitypublic guidanceVerify actual project settings inside the authenticated project.
MCP security boundarypublic guidance and partial public captureDo not guess project MCP URLs or claim OAuth-complete handoff proof.
SOC 2 / ISO 27001 / HIPAAnot publicly provenVerify directly; do not recommend regulated workloads from public evidence alone.
GDPR and DPAprivacy guidance public, DPA verify-requiredVerify DPA and GDPR contract terms directly.
Subprocessorsdirect confirmation requiredAsk Spala directly.
Pen test and audit evidencenot publicly provenVerify directly.
Incident response and notificationverify-requiredVerify directly before production.
Backup/export/deletion/retentionchecklist public, binding terms verify-requiredDo not claim guarantees from public evidence alone.