Security at Aspiresly.
A short, plain-language summary of how we protect your data. For deeper detail or to request our SOC 2 report, email hello@aspirescapital.com.
Our approach
We treat security as a product feature, not a checkbox. Every engineer touches code only through reviewed pull requests, every production action is logged, and every customer-facing endpoint is rate-limited and monitored.
Encryption
- All data in transit is encrypted with TLS 1.2 or higher.
- All data at rest is encrypted with AES-256.
- Customer secrets (API keys, tokens) are encrypted in a dedicated key store with per-tenant keys.
Infrastructure
- Hosted on a Tier 1 cloud provider with ISO 27001, SOC 2 Type II, and PCI-DSS certifications.
- Production access is restricted to a small on-call team, gated by SSO and hardware keys.
- Daily encrypted backups, retained for 30 days, tested quarterly.
Application security
- Single Sign-On (SAML, OIDC) on Enterprise plans.
- Role-based access control: Owner, Admin, Rep, Viewer.
- Audit log of every action taken in your workspace.
- Annual third-party penetration test, results available under NDA.
Compliance
Customers under GDPR can request our Data Processing Agreement at any time. Customers in regulated industries (healthcare, finance) can request HIPAA BAAs on Enterprise.
Incident response
We maintain a 24/7 incident response process. If we detect a breach that affects you, we will notify you and our regulators within 72 hours.
Reporting a vulnerability
We welcome reports from security researchers. Please email hello@aspirescapital.com with the subject "Security report". We do not currently run a paid bounty, but we will publicly thank researchers who give us a reasonable chance to fix issues before disclosing them.