Security
Specta is built by a CISSP-certified engineer (Chris Ballance, 25 years in software, security-first by training). Until the product opens, this page describes the security posture of the marketing site and the waitlist:
Data we hold today
Only what the waitlist form collects: email, and optionally practice area, US state, and a free-text note. Plus minimal request metadata (IP address and user-agent string) for spam triage.
Where it lives
A single SQLite database on the same host that serves this page, behind a Caddy-managed TLS termination. No third-party analytics, no trackers, no shared cookies.
Where it goes
A signup triggers one transactional email to the founder via Resend, our authenticated email provider. Recipients of follow-up email from us are people who joined the waitlist; there is no broader list.
What's coming
The full product will publish its security model (authentication, encryption at rest, audit logging, backup posture, vendor list) before any client data flows through it. This page will be updated to match.
Security questions: hello@specta.legal.