Useful Links
Policies & Data

Privacy Policy
Please refer to our privacy policy here for details on:
How we collect personal information
Data Protection - Our Data Processing Agreement
Sub-Processors
Cookies information
﻿
Terms of Service
Please refer to our terms of service here﻿
﻿
Security Policy
At SparkLayer, we understand the responsibility we bear in managing customer data, and we are dedicated to ensuring its safety and security. We maintain a comprehensive set of security policies that continually evolve and adapt as we work diligently to safeguard your information. The protection of customer data is of utmost importance to SparkLayer, and we prioritise a security-first approach in the design of our software.
Data Centre Security
To uphold our commitment to security, we host our systems on cloud service providers that align with our stringent security standards. Currently, we use the Google Cloud Platform, which reflects our values and provides robust physical security measures. For further information on their physical security practices, please visit cloud.google.com/security.
Encryption
We employ encryption at-rest, at-work, and in-transit to ensure the protection of customer data. All our encryption processes adhere to the best practices provided by Google, our trusted encryption provider. This means that all data transmitted between you and our services is encrypted using transport layer security (TLS), and all data stored within Google is encrypted for maximum security.
Two-Factor Authentication and Security Keys
We require employees to use two-factor authentication (2FA) whenever possible for the services we use as a business. We provide employees with Security Keys (FIDO U2F) and prefer their use over time-based one-time passwords and text message-based two-factor authentication solutions. Whenever feasible, we enforce the use of 2FA through the security keys. This ensures that even if a password is compromised, unauthorised access is prevented as cyber attackers would also need physical possession of our hardware.
Role-Based Access
Access to SparkLayer systems is granted to employees on a need-to-know basis, limiting the scope of potential compromise and ensuring security is maintained.
Internal Security Training and Policies
SparkLayer maintains a comprehensive set of internal security policies that all employees are required to understand and adhere to. These policies cover various aspects, including the use of strong passwords, full-disk encryption of business computers, email policies, limitations on data use and storage, and more.
Security-Minded Software Development Practices
We adhere to the principle of "security by design" in our software development practices, integrating security considerations throughout the entire software development life cycle. This includes implementing secure coding standards to prevent common vulnerabilities, conducting code reviews before deployment to production, and employing automated testing to identify potential security weaknesses. Our staff undergo regular training to ensure they remain up to date with the latest practices recommended by the Open Web Application Security Project (OWASP).
Up-to-Date Software
To mitigate known vulnerabilities, SparkLayer ensures the use of up-to-date versions of operating systems, kernels, packages, and libraries. We prioritise automation as much as possible, using our CI/CD platform, GitHub, to streamline the process of keeping our software stack current and secure in our production environment.
Backups
For all systems containing customer data, we have implemented automated daily backups. Additionally, we enable point-in-time recovery wherever possible. We rely on our trusted Google cloud provider to handle backup operations, ensuring that backups are encrypted and stored in three separate data centres.
Review and Update
Regular review and testing are essential for the effectiveness of any policy. At SparkLayer, we conduct thorough policy reviews and testing twice a year. This enables us to identify areas for improvement and promptly implement necessary actions to enhance our security and policies.
SparkLayer remains committed to the highest standards of data security, continuously improving our practices to safeguard customer information.
﻿
Incident Management Policy
This policy's aim is to lessen the impact on any incidents that may affect customers of SparkLayer, ensuring minimal impact to our services.
The policy encompasses a variety of incidents that could interrupt our services or put our systems or customer data at risk. This includes everything from minor technical issues to significant cybersecurity threats.
When an incident is identified, it's brought to the wider team's attention via our internal communication platform. An experienced team member is then chosen to lead the incident, taking charge of communication and delegating tasks to make sure the incident is resolved quickly.
Incidents are classified based on their severity and potential effect on our customers and services. This classification determines the resources allocated to handle the incident and the level of communication needed.
Once an incident is identified and classified, our Incident Response Team (IRT) will start suitable response procedures:
Investigation: The IRT will start by probing the incident to find its cause and potential impact.
Containment and Eradication: The IRT will work to contain the incident and prevent further damage, then focus on eliminating the incident's source.
Recovery and Restoration: The IRT will then prioritise recovering the affected systems and getting services back to normal.
Post-Incident Review: After resolving the incident, the IRT will conduct a review to understand the root cause, evaluate the response's effectiveness, and pinpoint areas for improvement.
Throughout the incident management process, we aim to keep our customers in the loop. We understand that communication is vital during these events, and we'll provide regular updates on the incident's status and our response.
We encourage our customers to report any incidents or security concerns related to our services. This can be done by emailing our customer support team at [email protected] with "URGENT - Security" in the subject line.
Please note
When using our urgent incident response (as detailed above), please do not add additional team members into your email as this may affect our response times. Only the email address [email protected] should be included in your email. 
We regularly review and test this Incident Management Plan to ensure it remains current and effective. Our goal is to continually enhance our incident response capabilities to serve our customers better.
﻿
﻿
Business Continuity Planning

The aim of this Business Continuity Plan (BCP) is to ensure that SparkLayer can maintain its critical operations during a disaster or significant disruption. This plan encompasses our entire organisation and is applicable to disruptions ranging from small-scale, internal incidents to large-scale, community-wide disasters.
In such events, our primary objective will be to ensure the continuance of our software development and customer support functions, thereby maintaining uninterrupted service for our customers. Additionally, we will strive to protect our organisational infrastructure, preserve the integrity of customer data, and ensure the financial viability of our operations.
The CEO will lead the execution of this plan in a disaster situation. A dedicated Business Continuity Team, comprising members from various departments, will support them. Their roles will include, but not be limited to, managing communication, preserving resources, and coordinating recovery efforts.
To support immediate communication in the event of a disruption, we maintain an up-to-date list of emergency contacts for our staff, key vendors, and customers. This list will be utilised to communicate crucial information about the situation and our response.
Upon the onset of a disaster, our first response will prioritise the safety of our employees. Ensuring our team is safe and secure is paramount to our recovery efforts. Following this, we will initiate our disaster recovery strategies, focusing primarily on restoring our SaaS services, which form the backbone of our service delivery.
We have identified key operational areas and their requisite resources to guide our recovery strategy. This includes hardware and software systems, physical locations, and critical personnel. Our strategy includes offsite data backup and recovery systems, alternative communication methods, remote working capabilities, and redundancy plans for critical roles.
Throughout this process, we will maintain a clear and constant line of communication with our customers to keep them informed about our recovery progress and expected service resumption times. Regular updates will be provided via email and, when necessary, directly via phone.
This Business Continuity Plan undergoes regular review and testing to ensure its effectiveness and adaptability to evolving business needs and potential risks. Any lessons learned from the reviews, tests, or actual events will be used to enhance our strategies and procedures continuously, thereby reinforcing our preparedness to deal with future disruptions.
﻿
﻿
Browser Support
We currently support the latest two versions of the following major browsers:
Google Chrome
Mozilla Firefox
Apple Safari
Microsoft Edge
Apple Safari for iOS
Google Chrome for Android and iOS
Please note, SparkLayer may not work fully with beta or pre-release versions of these browsers.
﻿
SparkLayer as a Shopify partner
As an approved Shopify partner and a publicly listed Shopify app, at SparkLayer we have a duty to ensure our solution maintains compatibility with Shopify as their own platform is updated. Our team regularly reviews upcoming Shopify releases, improvements, and platform updates and carefully reviews any technical or operational changes that may be required so as not to interfere with our service in any way.
Troubleshooting
Status