Security
Hosting, Architecture, and Configurations
Cloud-Based Services
Spruceai.app is hosted on Google Cloud Platform (GCP), leveraging its industry-leading security infrastructure. Customer environments are logically isolated at the application layer, with a multitenant architecture under active development to further enhance workspace isolation. Information about GCP’s security certifications and compliance programs is available on the GCP Security website.
Storage of Customer Data
Spruceai.app is designed to minimize storage of sensitive customer data. When connecting to external databases or APIs, Spruceai.app proxies requests securely through our backend, ensuring credentials remain server-side and are never exposed to the browser. Some user-generated content, such as saved queries, query results, chart configurations, and uploaded files, is stored to provide a seamless user experience. However, Spruceai.app does not store raw database records or transactional data retrieved from your systems.
OpenAI Usage
Spruceai.app uses OpenAI’s API to generate SQL queries, data analysis, and visualization configurations. To protect your data privacy, we primarily share metadata only, including:
• Table and column names
• Data types
• Column descriptions
• Join relationships
For advanced features like chart commentary and insight generation, Spruceai.app may include aggregated query results or summarized chart data. OpenAI will not use our customer’s data to train their model. OpenAI does not have direct access to your databases, and we rely on OpenAI’s published enterprise-grade privacy practices.
Confidentiality and Security Controls
Confidentiality
Access to customer data is tightly controlled. Only authorized personnel can access production systems when necessary for troubleshooting or support. All access is logged, and team members are bound by strict confidentiality agreements.
Data Encryption
Spruceai.app enforces HTTPS encryption for all data in transit. Data at rest, including saved metadata and files, is encrypted using GCP-managed encryption keys. We actively monitor evolving cryptographic standards and apply updates to maintain secure encryption protocols.
Deletion of Customer Data
Users can delete saved data, such as uploaded files and saved queries, directly from the platform. Full deletion of chat histories and associated content is processed upon user request. We are currently implementing automated data deletion policies to ensure timely and complete data removal from backups and storage systems.