FAQ

1. Is Softspell SOC 2 compliant?

Yes, Softspell meets SOC 2 standards for security and availability. We have SOC2 Type 2 compliance

2. Does Softspell support Single Sign-On (SSO)?

Yes, it integrates with enterprise identity providers via Single Sign-On.

3. How does Role-Based Access Control (RBAC) work?

RBAC ensures only authorized users can access specific modules.

4. Does Softspell comply with international data protection laws?

Our platform ensure least data retention, with regional data residency, doesn't store or process any PII information of the users.

5. Where do the core components run (IDE plug-in, orchestration layer, knowledge/index store, LLM runtime)?  

- The IDE plugin runs on the developer’s local machine, with all code indexes stored locally on the developer’s system.
- The orchestration layer functions as a secure pass-through backend within the SoftSpell platform.
- We use secure LLM services from AWS and Azure, with additional guardrails applied for enhanced security and compliance.

6. Is traffic private (PrivateLink/VNet peering) or does it traverse the public internet?

All interaction from developer system to the platform happens over secure TLS protocol.  

7. Is data federated or copied? Where is it persisted, for how long, and under whose access control?

With respect to the coding assistant feature of SoftSpell, nothing is stored in the platform. Every code that SoftSpell generates/modifies resides with the developer IDE.

8. Can egress be restricted to allow-listed endpoints only?  

Yes, user can whitelist our platform wildcard domain to allow secure access from customer network.

9. Whether any customer data ever leaves a private cloud boundary.

No customer data ever leaves our private SaaS environment.