Security

How we keep your data safe and secure

Our Commitment to Security

At Sparc, security is not an afterthought—it's built into everything we do. We employ industry-standard security practices to protect your data and maintain the integrity of our platform.

Data Encryption

🔒 End-to-End Protection

All data transmitted to and from Sparc is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256.

Infrastructure Security

  • Cloud Infrastructure: We use enterprise-grade cloud providers with SOC 2 Type II certification
  • Database Security: Supabase PostgreSQL with Row Level Security (RLS) policies
  • Network Security: Firewall protection and DDoS mitigation
  • Regular Backups: Automated daily backups with point-in-time recovery

Authentication & Access Control

  • Secure Authentication: Industry-standard authentication powered by Supabase Auth
  • Password Security: Passwords are hashed using bcrypt with salt
  • Role-Based Access: Strict access controls based on user roles
  • Session Management: Secure session handling with automatic expiration

Application Security

  • Input Validation: All user inputs are validated and sanitized
  • SQL Injection Protection: Parameterized queries prevent SQL injection
  • XSS Protection: Content Security Policy and output encoding
  • CSRF Protection: Built-in CSRF token validation

Payment Security

We use Stripe for payment processing, which is PCI DSS Level 1 certified. We never store your credit card information on our servers.

Privacy by Design

  • Anonymous by Default: Candidates remain anonymous until they choose to reveal their identity
  • Data Minimization: We only collect data necessary for platform functionality
  • User Control: You have full control over your data and can delete it anytime

Monitoring & Response

  • 24/7 Monitoring: Automated security monitoring and alerting
  • Incident Response: Documented incident response procedures
  • Security Updates: Regular security patches and updates
  • Vulnerability Management: Regular security audits and penetration testing

Compliance

Sparc is committed to complying with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Industry best practices and standards

Your Responsibility

While we implement strong security measures, you also play a role:

  • Use a strong, unique password
  • Never share your login credentials
  • Log out from shared devices
  • Report suspicious activity immediately

Report a Security Issue

🚨 Found a security vulnerability?

We take security seriously. If you discover a security issue, please report it to:

Email: security@sparc.app

Please do not publicly disclose the issue until we've had a chance to address it.

Questions?

If you have questions about our security practices, contact us at security@sparc.app