Is Speckle Safe To Use?
Welcome to SpeckleContext! This is your go-to series for answering burning industry questions leading up to the November SpeckleCon conference.
As an AEC open-source platform hosting endless projects and components, we frequently address important questions related to user data.
These questions generally fall into four themes:
- Where is my Speckle data stored?
- Is my data safe?
- Who owns my data, and what happens when I stop using Speckle?
- What can Speckle do with my data?
Just like our code, how we approach data security and privacy is a topic we’re very open about. Let’s get granular and answer all of the above!
Where is my Speckle data stored?
We host your data in the UK by default.
Still, since Speckle is cloud provider agnostic (a flexible platform that works with any cloud provider), you and your team can host data wherever suits you or your project requirements best as a part of our upcoming Team and Enterprise plans. Book a meeting to learn more about it!
Speckle already has data centres across 9 regions:
- United Kingdom
- United States
- Canada
- Netherlands
- Germany
- Singapore
- India
- Australia
And we're working on increasing coverage even further through 2024!
We’re proud to point out that Speckle offers significantly broader regional data availability than some leading AEC software providers. For example, the biggest proprietary software provider offers data storage for some products only in the EU, USA, and Australia regions.
As architects and engineers, we believe the best AEC software needs to allow you to choose the specific location and server for your data storage because of contractual rights or specific governmental regulations. So that’s exactly what Speckle can give you!
Because Speckle is open source, you can deploy it on your own infrastructure (even in air-gapped rooms!), ensuring that you can egress your data at any time to a platform that remains within your control and complies with your security policies.
Have custom needs or questions? We’re happy to talk!
Is my data safe?
Yes.
There’s a misconception that open source reduces data security because it’s “open”. Having more eyes on the code allows for better security, transparency, and longevity. The data supports this, as over 50% of the market’s database engines are open source.
Even Germany’s Federal Office for Information Security and the Swiss Government, neither particularly known as fierce innovators at the bleeding edge, push for OSS (open source software), emphasising its safety.
Speckle ensures your data is secure and private, allowing full access and ownership control. With a transparent and community-reviewed code base, robust encryption protocols, and managed contributions, Speckle resolves issues quickly and maintains high security standards through collective global efforts.
To settle the data conversation, Speckle is in the process of getting certified. We are working on receiving both ISO 27001 and SOC 2 certifications.
What are ISO 27001 vs SOC 2 Certifications?
They’re two of the most popular information security and risk management frameworks globally, each with benefits.
SOC 2 and ISO 27001 help attest to data protection measures a company is taking, sharing 96% of the same controls but differing in how they are implemented.
ISO 27001 focuses on creating and maintaining an information security management system (ISMS), requiring a risk assessment, security controls, and regular reviews.
SOC 2 is more flexible, covering five Trust Services Criteria—Security, Availability, Processing Integrity, Confidentiality, and Privacy—but only Security is mandatory.
For certification, both need an external audit. Accredited bodies do ISO 27001 audits, while SOC 2 audits are performed by licensed Certified Public Accountants (CPAs). The process includes a gap analysis, implementing necessary controls, and an audit.
We’ve written a lot about the nature of OSS, and we’ll go into more detail in future episodes of the SpeckleContext series. Still, regarding the security of your data, we can conclude that the open-source aspect does not affect security in a negative way whatsoever.
Who owns my data, and what happens when I stop using Speckle?
With Speckle, you own your data and have full control over it! That’s the beauty of it.
The data on a Speckle server is not automatically available to everyone. Whatever information you produce is owned by you, and you can choose how to share it and with whom.
There are several levels of privacy that allow you to fine-tune access (link sharing, read/write and project teams).
If you stop using Speckle, you can do whatever you want with your data. Push it back into the application of your choice, or get a copy of your database and set up your own Speckle server.
What can Speckle do with my data?
You own the content you create; you have control over your content and responsibility for it, and the rights you grant us are limited to those we need to provide the service and support.
However, we can remove content or close accounts in extraordinary circumstances (e.g. content violating the law).
What’s Next?
Join us at SpeckleCon, where you and your team can present projects you are proud of.
Showcase how you leveraged Speckle's open, connected and collaborative aspect, and let’s shape a brighter future for AEC together.