Security is built into Sparx’s architecture, not bolted on. Here is how we protect your data and your customers’.
Sparx is multi-tenant, and isolation is enforced at the database layer with PostgreSQL row-level security — not just in application code. Every tenant-scoped table carries a tenant id and a policy that makes cross-tenant reads impossible even if application logic has a bug. It is the backstop the rest of the platform is built on.
Data is encrypted in transit with TLS and at rest by default across our database, object storage, and backups. Secrets are managed through a dedicated secret store, never checked into source.
Sparx is undergoing a SOC 2 Type II examination. We offer a GDPR/CCPA-aligned Data Processing Addendum, and our Privacy Policy describes how we handle personal data as both a controller and a processor.
If you believe you have found a security issue, please email [email protected]. We investigate all reports and will work with you on coordinated disclosure. A vendor security questionnaire and incident-response summary are available to customers on request.