Data protection, security, and risk management


Data management, security controls enforcement, and alignment with risk management practices common in government and regulated enterprise environments.


The platform is designed on the assumption that sensitive information, planning data, and personal information require conservative handling and clear ownership. Data protection and security controls are applied by default rather than as optional configuration.

Security is treated as a shared responsibility across platform design, deployment configuration, and operational governance. Where risks exist, they are identified and addressed through architectural controls, process design, and operational safeguards.

This section is intended to support review by information security, privacy, risk, and governance teams.

Detailed technical controls and deployment-specific configurations are described in the sections that follow.

Data ownership and sovereignty

All data processed by Spero-ai remains the property of the client organisation at all times. The platform does not assert ownership over client data, reuse it for unrelated purposes, or transfer control outside agreed deployment boundaries.

Data sovereignty considerations are addressed through deployment choices, architectural isolation, and explicit access controls.

Data ownership and control

Spero-ai operates as a data processor acting on behalf of the client organisation.

This means:

  • Client organisations retain full ownership of their data

  • Data is used only to support agreed workflows and services

  • No client data is used to train shared models or for unrelated analysis

Access to data is governed by role-based permissions aligned to organisational structures and delegations. Spero-ai personnel access is restricted and logged where operational access is required.

Data residency and jurisdiction

The platform supports deployment configurations that align with data residency and jurisdictional requirements.

Depending on organisational needs, data may be:

  • Hosted within Australian-based infrastructure

  • Deployed within government or sovereign cloud environments

  • Retained entirely within client-controlled infrastructure

Data location is not abstracted or obscured. Deployment decisions explicitly determine where data is stored and processed, and these boundaries are maintained through infrastructure and access controls.

Environment isolation and tenant separation

Client environments are logically and, where required, physically isolated.

This includes:

  • Separation of data stores between organisations

  • Isolation of processing environments to prevent cross-tenant access

  • Independent encryption, access policies, and audit logs

This approach reduces the risk of data leakage, simplifies security review, and supports compliance with organisational and regulatory requirements.

Data lifecycle management

Spero-ai manages data according to a defined lifecycle, from ingestion through to retention and deletion. Data handling is designed to support accuracy, traceability, and compliance with organisational and regulatory requirements.

Lifecycle controls are enforced through system design rather than relying on user discretion.

Data ingestion and validation

Data enters the platform through controlled ingestion points, including user uploads, system integrations, and structured inputs.

At ingestion:

  • Data is validated for format, completeness, and access permissions

  • Metadata is captured to support traceability and audit

  • Sensitive data handling rules are applied based on configuration

This ensures that only authorised and appropriately classified data enters downstream workflows and AI-assisted processing.

Storage, retention, and archival

Data is stored in accordance with the deployment configuration and the client’s retention requirements.

Key considerations include:

  • Separation of active and archived data

  • Retention periods aligned to organisational policy and regulatory obligations

  • Protection of data at rest through encryption and access controls

Archival processes are designed to preserve evidentiary integrity while reducing exposure of inactive data.

Deletion, exit, and data recovery

The platform supports controlled deletion and exit processes to meet privacy and operational requirements.

This includes:

  • Deletion of data in accordance with retention schedules and legal obligations

  • Support for data export during contract exit or system transition

  • Recovery mechanisms to address accidental deletion or operational error

Deletion and recovery actions are logged to support audit and verification.

Security architecture

Spero-ai is designed with security controls applied across infrastructure, application, and operational layers. The security architecture follows a defence-in-depth approach and aligns with common practices in government and regulated enterprise environments.

Controls are implemented through system design, deployment configuration, and operational processes rather than reliance on policy alone.

Infrastructure and platform security

Security controls begin at the infrastructure level and are inherited and reinforced through platform configuration.

Key elements include:

  • Segregated environments for development, testing, and production

  • Network isolation between core services, AI components, and integrations

  • Encryption of data at rest and in transit

  • Hardened runtime environments with minimal service exposure

Where cloud infrastructure is used, the platform leverages native security controls provided by the underlying environment. Where deployed in private or on-premise environments, equivalent controls are applied through infrastructure configuration.

Identity, access, and permissions

Access to Spero-ai is governed through role-based access controls aligned to organisational roles and responsibilities.

This includes:

  • Least-privilege access by default

  • Separation of administrative, operational, and user roles

  • Explicit permissions for sensitive actions and data access

  • Support for integration with organisational identity providers

Access controls are enforced consistently across user interfaces, APIs, and administrative functions. Privileged access is restricted and subject to additional logging and review.

Logging, monitoring, and incident handling

Security-relevant events are logged to support monitoring, investigation, and audit.

This includes:

  • Authentication and authorisation events

  • Data access and modification activity

  • Use of AI-assisted functions within workflows

  • Administrative and configuration changes

Logs are designed to support both operational monitoring and post-incident analysis. Incident handling procedures are aligned with organisational requirements and support coordinated response, containment, and review where required.

Peter Kelly

Chief Information Officer

Driving AI, compliance, and digital innovation across construction, regulation and planning
