Skip to content
RegSpace
Book a demo

Last updated: 21 April 2026

Security

Template under legal review. This document is a working draft and has not yet been reviewed by qualified counsel. It must not be published externally without review and should not be relied upon as legal advice.

Security is a first-class design constraint at RegSpace. Clients entrust us with confidential internal policies; a single cross-tenant leak would be an extinction-level event, so we assume hostile conditions and defend in depth.

Tenant isolation

  • Schema-per-tenant in AlloyDB. Each tenant has its own Postgres schema (tenant_<uuid>); no shared tables contain tenant-scoped business data. A mis-scoped query fails to resolve rather than returning another tenant’s rows.
  • Row-level security policies applied as defence-in-depth within each tenant schema.
  • Per-tenant GCS bucketsencrypted with a tenant-specific Cloud KMS key (CMEK). Revoking the key instantly renders that tenant’s data unreadable.
  • Inference-context guards. Every LLM call is tagged with a tenant_id that must match the retrieval context, the prompt template fill, and the tool-call arguments. Mismatch fails closed and raises an alert.

Encryption

  • TLS 1.3 in transit; HSTS preload on all hosts.
  • AES-256 at rest via Cloud KMS; per-tenant CMEK.
  • Keys rotated annually; rotation is zero-downtime.

Authentication and access

  • Firebase Auth with organisation custom claims; SSO via SAML/OIDC on enterprise plans.
  • MFA required for all RegSpace staff accounts.
  • Production access is break-glass only, time-bound, peer-approved, and fully audited.

Model-provider controls

  • LLM inference via enterprise endpoints with zero-retention terms where available.
  • No training or fine-tuning on client data.
  • Second-opinion review uses a different provider than the primary writer; divergence triggers human escalation rather than silent agreement.

Audit trail

Every agent action, tool call, model version, and human decision is recorded in a hash-chained audit log (record[n].prev_hash = sha256(record[n-1])). Daily we anchor the tip hash to a GCS Object-Lock bucket; any tampering is detectable and the chain is reproducible on demand.

Data residency

  • UK/EU tenants: europe-west2 (London).
  • US tenants: us-central1.
  • Residency is pinned at onboarding and enforced by infrastructure policy.

Software supply chain

  • Dependencies pinned and scanned; Dependabot and Snyk on all repos.
  • Signed commits required for production deploy branches.
  • CI/CD via Workload Identity Federation — no long-lived service-account keys.
  • Container images built from a pinned base, scanned, and signed with Sigstore.

Incident response

We maintain a written incident-response plan with roles, paging rotation, forensics playbooks, and communication templates. Confirmed personal-data breaches are notified to affected clients without undue delay and in any event within 72 hours, in line with GDPR.

Attestations (in progress)

  • SOC 2 Type 1 — in scope, target 2026.
  • ISO 27001 — under consideration for 2027.

Responsible disclosure

If you believe you’ve found a vulnerability, email security@regspace.ai. Please do not access other tenants’ data or disrupt the Service. We commit to acknowledging within 2 business days and to keeping reporters informed through triage, fix, and coordinated disclosure.