Spot's Commitment to Trust
Providing a secure and private place is central to Spot's mission. Our team comes from a background founding and developing secure enterprise software where customer trust is paramount.
Spot's production infrastructure is located on our Infrastructure as a Service (IaaS) provider, Amazon Web Services (AWS). AWS has an extensive list of privacy and security certifications and we strive to adhere to AWS best practices.
Data in Spot is encrypted both at rest and in transit using industry-leading encryption standards.
Voice and Video Security
Voice and video communications are secured using TLS encryption and are not stored on our servers. We currently do not use end-to-end encryption, but this is something we are currently exploring.
Privacy & Safety Features
Our product provides the ability to be configured to meet your operational needs. Roles, permissions, and other features are designed to provide the right level of granularity for control.
Backups of customer data are performed continuously and securely. We provide a maximum 24-hour Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Single Sign-On (SSO)
The Spot platform provides SSO using OAuth2 via a variety of identity providers. SAML support is on the roadmap.
We take privacy seriously and do not sell, share, or export customer data to third parties in any capacity. We collect minimal data to improve our services and satisfy any legal, accounting, or contractual obligation.
Customers can delete users, messages, and other communications from our system directly within the product. If a customer wants to terminate their relationship with Spot they can request to do so and all their data will be deleted within 60 days.
Spot consists of a relatively small team with very limited access to production infrastructure and customer data. We utilize a change management system to track and control changes to our production environment.
Uptime Transparency(In Progress)
We are working on a status transparency dashboard to provide public and continuously monitored uptime information.