§ Security

Your pipeline, locked tight.

This page is maintained by the Spark team to answer common security and privacy questions. It's not a certification — it's a plain-English description of how we run.

Encrypted at rest and in transit

All customer data is encrypted at rest and traffic is TLS-only. Sensitive credentials are stored in isolated secret storage, never on disk in plain text.

Least-privilege by default

Row-level security scopes every read and write to your workspace. Support access requires explicit workspace-owner consent, and everything is audit-logged.

Human-approved outreach

Spark never auto-sends. Every comment and DM lands as a draft first. That's a safety property, not a feature — it's how we keep your account healthy.

Your data, your export

Export or delete your workspace data whenever you want. Deleted workspaces are purged from primary storage inside 30 days.

Report a vulnerability

Found something we should fix? Email security@startspark.ai with steps to reproduce. We acknowledge within one business day and coordinate disclosure with credit.