We hold our own data to the standard we hold adversaries to.
ThreatSpire is built and continuously tested by offensive-security practitioners. Security is not a checkbox bolted on at the end; it is how the platform is designed, from tenant isolation to how we handle your intelligence data.
How we protect your data
Defense in depth, by design.
Tenant isolation
Every customer's data is strictly separated. One organization can never see or act on another organization's data.
Authentication and access
Single sign-on, multi-factor authentication including authenticator apps and passkeys, and role-based access control with least privilege.
Encryption
Data is encrypted in transit with TLS and at rest, so intelligence stays protected end to end.
Hardened infrastructure
Runs on managed cloud infrastructure with network controls and isolation. Secrets and API keys live in a managed secrets store, server-side only, and are never exposed to the browser.
Secure development
Automated security linting and dependency scanning run in our CI pipeline alongside code review and an automated test suite, so changes are vetted before they ship.
Monitoring and audit
Activity is logged with audit trails, and the platform is monitored for anomalous behavior.
Your data, your control
No sale. No side deals.
We do not sell your data, and we do not provide customer data to third parties for their own purposes. We use a limited set of vetted infrastructure subprocessors under contract solely to operate the service.
The legal commitments behind this are in our Privacy Policy and our Data Processing Addendum.
AI you can trust
Assistive. Analyst-controlled.
Humans decide
Our AI features are assistive and analyst-controlled. AI produces drafts that a human reviews. We do not make automated decisions with legal or similarly significant effects.
No training on your content
Customer prompts and content are processed by our cloud AI provider as a subprocessor solely to generate outputs for you, and are not used to train third-party foundation models.
Responsible disclosure
Found a vulnerability? We work with researchers in good faith.
Review our policy for scope, safe harbor, and what to expect after you report.
Have a security question before you buy?
Talk to our team or write directly to security. We answer diligence questions in plain language, with the same evidence-first approach we apply to adversaries.
