Security and compliance

We work with a wide range of industries that rely on electronics design — from consumer electronics and medical devices to aerospace, automotive, industrial automation, and more!

If your team designs hardware, especially using schematics, layouts, and BOMs, there’s a high chance we can support your workflows. Contact us to tell us more about your specific needs.

Though most of our users are on the cloud, we do have a self-hosting option if that’s a policy for your company. Given the added complexity in deployment and support requirements, we only offer this alternative for teams with a minimum of 10 users.

For ITAR controlled designs, there’s a Gov Cloud alternative as well.

To check for specific IT security requirements, send us a note at support@allspice.io and we’ll be happy to verify those for you.

Yes. We run regular vulnerability scans and maintain an internal Incident Response Plan. In case of a breach or incident, we notify affected customers and take immediate action.

We perform full daily backups of customer data and store them securely in accordance with our Backup Policy. Backups are tested regularly for integrity.

Absolutely. If your team has specific security or compliance questions, feel free to reach out.→ Ask our security team

Our AI features never use customer data for training shared models. All AI-powered reviews are run on private, isolated instances and respect your team’s confidentiality and IP protection.

Protecting customer data is our highest priority. Our policy is to match or exceed all security measures for comparable products, such as GitHub & Gitlab.

Here are a few examples of the many ways we protect your data:

– Data Transfer: We use only encrypted transfers to our servers (SSH + HTTPS) and use a one-way hash of all user passwords using bcrypt (same as GitHub).

‍
– Servers: We use only SOC 3 Type 2 and/or ISO27001 compliant servers with customer data encrypted at rest with LUKs encrypted mounts.
‍
– Testing: We continuously test our systems against common attack vectors, including XSS, dependency injection, ReDOS, MitM, etc.
‍
– Rootless: We use multiple levels of protection including rootless runners on our servers, which prevent malicious actors from installing or running arbitrary code to collect user data in the case of an XSS attack. If you have further questions or concerns, please email us at security@AllSpice.io.

We use AWS infrastructure, with servers hosted in the United States. For customers with stricter compliance needs, we offer hosting in GovCloud and customer-managed/self-hosted deployments.

Upon account termination, we follow strict data deletion policies. You can export your data at any time. For enterprise customers, we also support custom data retention and deletion agreements.