Security & Compliance

Security & Trust Center

Our commitment to confidentiality, integrity, and availability across people, process, and technology.

Last updated: October 2025

Data Encryption

Data is encrypted in transit (TLS 1.2+) and at rest (AES‑256 or equivalent). Secrets are stored in a managed KMS.

Access Controls

Least privilege, SSO/MFA, role-based access, and regular access reviews for all production systems.

Reliability

Multi‑AZ architecture, automated backups, disaster recovery runbooks, and continuous monitoring.

Application Security

  • Secure SDLC with threat modeling and code review.
  • Dependency scanning (SCA) and static/dynamic analysis (SAST/DAST).
  • Secrets management and environment segregation (dev/stage/prod).
  • Vulnerability management with defined SLAs for remediation.

Infrastructure Security

  • Cloud-native security baselines and CIS-aligned hardening.
  • Network segmentation, security groups, and WAF.
  • Endpoint protection and centralized logging (SIEM).
  • Automated configuration management and IaC scanning.

Data Protection

  • Encryption at rest and in transit; field‑level encryption for sensitive data.
  • Data minimization, retention schedules, and secure deletion.
  • Backups with regular restore tests; integrity checks.
  • DLP guardrails for exports and audit trails for access.

Identity & Access Management

  • SSO (SAML/OIDC), enforced MFA, and RBAC for internal/admin tools.
  • Just‑in‑time access and break‑glass procedures with approvals.
  • Quarterly access reviews and automated provisioning/deprovisioning.

Monitoring & Incident Response

  • 24×7 alerting on key controls and security events.
  • Playbooks for triage, forensics, and customer notification.
  • Post‑incident reviews (PIRs) and corrective action tracking.

Business Continuity

  • Documented BCP/DR with RPO/RTO objectives.
  • Tabletop exercises and failover tests.
  • Vendor risk management and supply chain assessments.

Reports, Policies & Artifacts

Artifacts available under NDA or via our Trust portal.

SOC 2 / ISO Reports

Most recent Type II period and ISO 27001 certificate (if applicable).

Request access →

Penetration Test Summary

Annual external pen‑test results with remediation status.

View summary →

Sub‑processor List

Live inventory of sub‑processors with purpose, location, and data types.

See list →

Policies

Information security, acceptable use, incident response, and data retention policies.

Browse policies →

Status & Uptime

Real‑time platform status and historical uptime.

Visit status page →

Data Requests

DPO contact and guidelines for privacy/data subject requests.

Privacy resources →

Responsible Disclosure

We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email security@sparkleintelligence.com with details and reproduction steps. Do not publicly disclose before remediation. We commit to timely triage and respectful collaboration.

  • Make a good‑faith effort to avoid privacy violations and service disruption.
  • Only interact with accounts you own or have permission to test.
  • No extortion or threats; allow reasonable time for remediation.

Security Contact

For security inquiries or incident reports:

security@sparkleintelligence.com

Privacy & DPO

For privacy questions or data subject requests:

privacy@sparkleintelligence.com

This page is for informational purposes and may be updated as our controls evolve.