SECURITY

Your data is safe with us

We take security seriously. Here's how we protect your business data at every layer.

Encryption everywhere

All data is encrypted in transit with TLS 1.3 and at rest with AES-256 encryption. API keys, passwords, and tokens are hashed with bcrypt and never stored in plain text.

Enterprise-grade infrastructure

Our platform runs on enterprise cloud infrastructure with automatic failover, geographic redundancy, and 99.9% uptime SLA. Each customer's data is logically isolated.

SOC 2 compliance

Our infrastructure providers maintain SOC 2 Type II certification. We follow SOC 2 trust principles for security, availability, and confidentiality in our own operations.

Access controls

Role-based access controls ensure team members only see what they need. All authentication uses secure session management with multi-factor authentication support.

Automatic backups

Customer data is backed up continuously with point-in-time recovery. Backups are encrypted and stored in geographically separate regions for disaster recovery.

Regular security audits

We conduct regular penetration testing and vulnerability assessments. Our codebase undergoes automated security scanning with every deployment.

DATA HANDLING

How we handle your data

Where is my data stored?

Your data is stored on encrypted servers in the United States. We use Neon (PostgreSQL) for database hosting with automatic encryption and geographic redundancy.

Can I export my data?

Yes. You can export all your data at any time in standard formats (CSV, PDF). We believe your data belongs to you — not us.

What happens if I cancel?

Your data remains available for export for 30 days after cancellation. After that, it's permanently deleted from our active systems within 90 days.

Do you share data with third parties?

Never for advertising or marketing. We only share data with service providers (payment processing, email delivery) that are necessary to operate the platform, and they are contractually bound to protect it.

How do you handle security incidents?

We maintain an incident response plan and will notify affected customers within 72 hours of discovering a confirmed data breach, in accordance with applicable law.

Have a security question or want to report a vulnerability? Contact us at security@eversparc.com