Spara Documentation
  • Overview
    • What is Spara?
    • How can Spara help?
  • Channels
    • AI Chat: Smartbar, Navigator & Fullscreen
      • Spara Smartbar
      • Spara Navigator
      • Spara Fullscreen
    • AI Email
    • AI Phone Calls
  • Platform
    • Leads
    • Journeys
    • Analytics
    • Library & AI Training
    • Testing
  • Installation Guide
    • Installing Spara Chat
      • Installing Spara Smartbar
      • Installing Spara Navigator
      • Installing Spara Fullscreen
      • Installing Spara on Webflow
    • Query Parameters
    • JavaScript Events
  • Installation FAQ
  • Integrations
    • Salesforce
    • Hubspot
    • Marketo
    • Slack
    • Chili Piper
    • Calendly
    • Outreach
  • Other
    • Security & Compliance
Powered by GitBook
On this page
  1. Other

Security & Compliance

FAQ and resources on Spara security & compliance

Last updated 3 months ago

Spara is built to be enterprise-grade, so security and compliance are paramount to us.

What compliance frameworks does Spara conform to and audit?

Spara is SOC 2 Type II compliant. Our latest report can be .

What are Spara's security and compliance policies?

Spara's security and compliance policies can be . This policy packet includes:

  • Human Resource Security Policy

  • Code of Conduct

  • Third-Party Management Policy

  • Risk Management Policy

  • Asset Management Policy

  • Data Management Policy

  • Cryptography Policy

  • Secure Development Policy

  • Access Control Policy

  • Business Continuity and Disaster Recovery Plan

  • Operations Security Policy

  • Physical Security Policy

  • Information Security Roles and Responsibilities

  • Information Security Policy (AUP)

  • Incident Response Plan

What is Spara's privacy policy?

Where is Spara hosted?

Customer data is stored in U.S. data centers. Some data (HTML pages & assets) may be cached in other geographies by our CDN. Access to private content through our CDN is always validated through our application servers using a complex permissions system.

Is customer data encrypted?

How does Spara handle PII?

PII is only stored on our production database with strict RBAC. All data is anonymized before porting to lower environments.

Spara will delete any customer's PII within 60 days of contract termination.

How are users authenticated?

Spara supports SSO/SAML authentication as well as email/password authentication. In the case of email/password authentication Spara requires the password to be:

  • At least 8 characters long.

  • At least one uppercase character

  • At least one lowercase character

  • At least one number

  • Not be a known compromised password

Spara's privacy policy is available on our website .

We are hosted on , which is backed by the same infrastructure and security that Google uses for its own services.

Google follows or even leads most of the industry's best-practices and is compliant with most major security .

Yes, all customer data is encrypted at rest and in-transit via Cloudflare. At rest on Google Cloud Platform, using .

viewed here
viewed here
here
Google Cloud
standards and certifications
multiple layers of AES256-AES128