Security Overview
ChatSpark is built with security as a foundational principle, not an afterthought. Our security practices protect:
- Your training data — The content you upload to train your agent
- Customer conversations — Messages between your agent and customers
- Lead information — Contact details captured during chats
- Account credentials — Your login and access information
Questions about security? Contact security@chatspark.io for security questionnaires or specific inquiries.
Data Encryption
All data is encrypted at rest and in transit:
In Transit
- TLS 1.3 — All connections use the latest encryption
- HTTPS everywhere — No unencrypted connections allowed
- Certificate pinning — For mobile and API connections
At Rest
- AES-256 encryption — Industry-standard database encryption
- Encrypted backups — All backup data is encrypted
- Key management — Encryption keys stored separately
Data Usage & Training
We want to be crystal clear about how your data is used:
- Your data trains YOUR agent only — Content you upload is used exclusively to train your AI agent.
- No cross-customer training — Your data is never used to improve other customers' agents.
- No model training — Your data is not used to train underlying AI models.
- Data isolation — Each customer's data is logically isolated.
Your training data, customer conversations, and lead information belong to you. We don't share, sell, or use it for any purpose other than providing the ChatSpark service.
Access Controls
Secure access to your ChatSpark account:
User Authentication
- Secure password requirements
- Email verification for new accounts
- Session management and timeout
- Secure password reset flow
Team Access (Enterprise)
- Role-based access control
- Audit logs for account activity
- Invitation-based team members
API Security
- API key authentication
- Rate limiting protection
- Key rotation support
Message Retention
Conversation data is retained according to these policies:
- Active accounts — Conversations retained while account is active
- Account cancellation — Data deleted within 30 days of cancellation
- On-demand deletion — Request deletion of specific conversations anytime
- Export available — Download your data before deletion
Need custom retention policies? Enterprise plans support configurable retention periods to meet compliance requirements.
Infrastructure Security
ChatSpark runs on secure, enterprise-grade infrastructure:
- Cloud hosting — AWS and Vercel infrastructure
- DDoS protection — Automatic mitigation of attacks
- Regular patching — Security updates applied promptly
- Network isolation — Services segmented and firewalled
- Monitoring — 24/7 security monitoring and alerting
Uptime & Reliability
- 99.9% uptime SLA (Enterprise)
- Redundant systems and failover
- Regular backup testing
- Disaster recovery procedures
Compliance
Our compliance posture:
- GDPR ready — We support data subject rights for EU customers
- CCPA compliant — California privacy requirements supported
- SOC 2 Type II — In progress (roadmap 2025)
- Data Processing Agreement — Available for Enterprise customers
Data Residency
Data is primarily stored in US data centers. Enterprise customers can request specific data residency options — contact sales for details.
Data Requests
We support your rights to your data:
Data Export
Request an export of all your data including:
- Training data
- Conversation history
- Lead information
- Analytics data
Data Deletion
Request deletion of:
- Specific conversations
- Specific leads
- All account data (upon cancellation)
Contact privacy@chatspark.io for data export or deletion requests.