Security
How we protect your data, credentials, and message content.
Encryption in transit
All dashboard and API traffic is served over TLS 1.2+. We enforce HTTPS and HSTS at the edge.
API keys
Secret keys are shown only once at creation. We store salted hashes and support rotation and instant revocation from the dashboard.
Infrastructure
Production workloads run on hardened cloud environments with network segmentation, least-privilege access for operators, and automated patching for critical components.
Reporting issues
If you believe you have found a security vulnerability, email security@sparkmessaging.xyz with reproduction steps. We do not support public bug bounty at this time but we acknowledge valid reports promptly.