Useful Links
Policies & Data
Privacy Policy

Please refer to our privacy policy here for details on how we collect personal information.

Data Protection

Our Data Processing Agreement
Sub-processors
Cookies information

Terms of Service

Please refer to our terms of service here.

Security Policy

At SparkLayer, we understand the responsibility we bear in managing customer data, and we are dedicated to ensuring its safety and security. We maintain a comprehensive set of security policies that continually evolve and adapt as we work diligently to safeguard your information. The protection of customer data is of utmost importance to SparkLayer, and we prioritise a security-first approach in the design of our software.

Data Centre Security

To uphold our commitment to security, we host our systems on cloud service providers that align with our stringent security standards. Currently, we use the Google Cloud Platform, which reflects our values and provides robust physical security measures. For further information on their physical security practices, please visit cloud.google.com/security.

Encryption

We employ encryption at rest, at work, and in transit to ensure the protection of customer data. All our encryption processes adhere to the best practices provided by Google, our trusted encryption provider. This means that all data transmitted between you and our services is encrypted using Transport Layer Security (TLS), and all data stored within Google is encrypted for maximum security.

Two-Factor Authentication and Security Keys

We require employees to use two-factor authentication (2FA) whenever possible for the services we use as a business. We provide employees with security keys (FIDO U2F) and prefer their use over time-based one-time passwords and text-message-based two-factor authentication solutions. Whenever feasible, we enforce the use of 2FA through the security keys. This ensures that even if a password is compromised, unauthorised access is prevented, as cyber attackers would also need physical possession of our hardware.

Role-Based Access

Access to SparkLayer systems is granted to employees on a need-to-know basis, limiting the scope of potential compromise and ensuring security is maintained.

Internal Security Training and Policies

SparkLayer maintains a comprehensive set of internal security policies that all employees are required to understand and adhere to. These policies cover various aspects, including the use of strong passwords, full disk encryption of business computers, email policies, limitations on data use and storage, and more.

Security-Minded Software Development Practices

We adhere to the principle of "security by design" in our software development practices, integrating security considerations throughout the entire software development life cycle. This includes implementing secure coding standards to prevent common vulnerabilities, conducting code reviews before deployment to production, and employing automated testing to identify potential security weaknesses. Our staff undergo regular training to ensure they remain up to date with the latest practices recommended by the Open Web Application Security Project (OWASP).

Up-to-Date Software

To mitigate known vulnerabilities, SparkLayer ensures the use of up-to-date versions of operating systems, kernels, packages, and libraries. We prioritise automation as much as possible, using our CI/CD platform, GitHub, to streamline the process of keeping our software stack current and secure in our production environment.

Backups

For all systems containing customer data, we have implemented automated daily backups. Additionally, we enable point-in-time recovery wherever possible. We rely on our trusted Google Cloud provider to handle backup operations, ensuring that backups are encrypted and stored in three separate data centres.

Review and Update

Regular review and testing are essential for the effectiveness of any policy. At SparkLayer, we conduct thorough policy reviews and testing twice a year. This enables us to identify areas for improvement and promptly implement necessary actions to enhance our security and policies.

SparkLayer remains committed to the highest standards of data security, continuously improving our practices to safeguard customer information.

Incident Management Policy

This policy's aim is to lessen the impact on any incidents that may affect customers of SparkLayer, ensuring minimal impact to our services. The policy encompasses a variety of incidents that could interrupt our services or put our systems or customer data at risk. This includes everything from minor technical issues to significant cybersecurity threats.

When an incident is identified, it's brought to the wider team's attention via our internal communication platform. An experienced team member is then chosen to lead the incident, taking charge of communication and delegating tasks to make sure the incident is resolved quickly.

Incidents are classified based on their severity and potential effect on our customers and services. This classification determines the resources allocated to handle the incident and the level of communication needed.

Once an incident is identified and classified, our Incident Response Team (IRT) will start suitable response procedures:

Investigation: The IRT will start by probing the incident to find its cause and potential impact.
Containment and eradication: The IRT will work to contain the incident and prevent further damage, then focus on eliminating the incident's source.
Recovery and restoration: The IRT will then prioritise recovering the affected systems and getting services back to normal.
Post-incident review: After resolving the incident, the IRT will conduct a review to understand the root cause, evaluate the response's effectiveness, and pinpoint areas for improvement.

Throughout the incident management process, we aim to keep our customers in the loop. We understand that communication is vital during these events, and we'll provide regular updates on the incident's status and our response.

We encourage our customers to report any incidents or security concerns related to our services. This can be done by emailing our customer support team at support@sparklayer.io with "Urgent Security" in the subject line.

Please note: when using our urgent incident response (as detailed above), please do not add additional team members into your email as this may affect our response times. Only the email address support@sparklayer.io should be included in your email.

We regularly review and test this incident management plan to ensure it remains current and effective. Our goal is to continually enhance our incident response capabilities to serve our customers better.

Business Continuity Planning

The aim of this Business Continuity Plan (BCP) is to ensure that SparkLayer can maintain its critical operations during a disaster or significant disruption. This plan encompasses our entire organisation and is applicable to disruptions ranging from small-scale, internal incidents to large-scale, community-wide disasters.

In such events, our primary objective will be to ensure the continuance of our software development and customer support functions, thereby maintaining uninterrupted service for our customers. Additionally, we will strive to protect our organisational infrastructure, preserve the integrity of customer data, and ensure the financial viability of our operations.

The CEO will lead the execution of this plan in a disaster situation. A dedicated business continuity team, comprising members from various departments, will support them. Their roles will include, but not be limited to, managing communication, preserving resources, and coordinating recovery efforts.

To support immediate communication in the event of a disruption, we maintain an up-to-date list of emergency contacts for our staff, key vendors, and customers. This list will be utilised to communicate crucial information about the situation and our response.

Upon the onset of a disaster, our first response will prioritise the safety of our employees. Ensuring our team is safe and secure is paramount to our recovery efforts. Following this, we will initiate our disaster recovery strategies, focusing primarily on restoring our SaaS services, which form the backbone of our service delivery.

We have identified key operational areas and their requisite resources to guide our recovery strategy. This includes hardware and software systems, physical locations, and critical personnel. Our strategy includes offsite data backup and recovery systems, alternative communication methods, remote working capabilities, and redundancy plans for critical roles.

Throughout this process, we will maintain a clear and constant line of communication with our customers to keep them informed about our recovery progress and expected service resumption times. Regular updates will be provided via email and, when necessary, directly via phone.

This business continuity plan undergoes regular review and testing to ensure its effectiveness and adaptability to evolving business needs and potential risks. Any lessons learned from the reviews, tests, or actual events will be used to enhance our strategies and procedures continuously, thereby reinforcing our preparedness to deal with future disruptions.

Browser Support

We currently support the latest two versions of the following major browsers: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Apple Safari for iOS, and Google Chrome for Android and iOS.

Please note, SparkLayer may not work fully with beta or pre-release versions of these browsers.

SparkLayer as a Shopify Partner

As an approved Shopify Partner and a publicly listed Shopify app (https://apps.shopify.com/sparklayer), at SparkLayer we have a duty to ensure our solution maintains compatibility with Shopify as their own platform is updated. Our team regularly reviews upcoming Shopify releases, improvements, and platform updates and carefully reviews any technical or operational changes that may be required so as not to interfere with our service in any way.