Trust & Security

Accounts are protected with email and password sign-in. Passwords are checked against known breached-password lists at sign-up and password change, and weak or compromised passwords are rejected.

Application data is scoped per user through row-level access policies, so customers can only read and modify their own records.

Customer data is stored in a managed Postgres database hosted on enterprise cloud infrastructure. Data is encrypted in transit using TLS and encrypted at rest by the underlying storage layer.

Account credentials are never stored in plaintext; password hashing and session management are handled by the managed authentication provider.

PodSpark uses a small set of trusted infrastructure providers to deliver the service, including a managed database and authentication provider, a hosting/CDN provider, and an AI inference gateway used for content generation features. We do not sell customer data and do not share it with third parties for advertising.

You can update or delete your profile and content at any time from Account settings. On account deletion, associated records are removed from the primary database; backup copies are rotated out on the provider's standard schedule.

PodSpark is an early-stage product and does not currently hold independent certifications such as SOC 2, ISO 27001, HIPAA, or PCI DSS. We design the product to support GDPR-style user rights (access, correction, deletion) through in-app controls and email requests.

If your organization requires a signed DPA, security questionnaire response, or additional documentation, contact us at the address below.

If you believe you have found a security issue, please email officialmspmedia@gmail.com. Please include steps to reproduce and avoid accessing data that does not belong to you. We aim to acknowledge reports within 3 business days.