Security Standards

These Security Standards are effective as of June 1st, 2019

We take the security of your data very seriously. We do realize that data is one of the most valuable assets you have these days.

Definition of category

Content data: Questions, Polls, pictures and every content provided by participants and facilitators into Sparkup app and CMS

Purchase data: information about sparkup plan and price

Payment data: information about billing

Technical data: information saved into our infrastructure such as IP, device type …


According to our Terms, all your account data are private. If you are using “Free trial” account, all data provided into Sparkup app are considered public and can be shared on Internet.

If you care about your data, we recommended to use paid version of Sparkup When it comes to staff and third parties, anyone who can view Customer data is contractually obligated to keep them confidential.

Data Manipulation

As a user, you can export complete results of your sessions via the Sparkup Studio. Sparkup undertakes to respect the General Data Protection Regulation upon its entry into force. Sparkup shall not use the shared data for commercial purposes in any way. Shared data shall not be resold nor sub-processed by third parties. Any user may request the data kept by Sparkup, have access to it and ask to change or delete it by sending an email to Sparkup undertakes to respond to this request within a maximum period of fifteen days. All data may be kept for a maximum period of one year.


Sparkup using AWS as infrastructure provider. We have different regions.

AWS infrastructure has multiple certification such as ISO 27001 and HDS For more information

Sparkup infrastructure


Connection from participant and facilitator and Sparkup servers are using HTTPS and our technical team can only access to server through VPN to bastion server.


Our infrastructure is monitored by external service such as New relic.

Network requirements

The following information is related to the requirements that you should pass on to your CIO or the IT service at the event venue. In some companies and at event venues the internal networks may be limited. These requirements will allow you to make sure that you will be able to easily access the Sparkup platform on the day of your event.

Internet connection

To use the Sparkup platform you will need a stable Internet connection. Here are the necessary requirements:

Extra recommendations

You must establish outgoing TCP connections between the peripherals and the Internet through HTTPS ports (443). Our servers do not establish any incoming connections.


You must autorised websocket connections with 10minutes timeout for the following domains:


The network can have a proxy if:

Online servers

We use Amazon Web Service and Online servers. All data is stocked in the Parisian region.


The DNS server that distributes addresses through the DHCP server must respond correctly to the requests sent by the peripherals to the addresses that include the following domains:

Mosaic specific requirement
Checking the app (after configuring the network)

Open your browser and follow this test link.

Click on "Starting Test". Wait for 60 seconds and make sure that the status changes from "Waiting" to "Success".

Software Development Lifecycle

We do frequent releases to always provide the best experience to our customers. To do so, we follow our own development process using all the values of agile methodologies. We have been optimizing our workflow for years thanks to different types of feedback and lessons learned.

Our roadmap is built from customer feedback, internal feedback and market expectations.

New features or important modifications to the product will be communicated to our customers at least 1 month before the release. Each new feature is then correctly specified by a Product Owner with the help of our lead developer. During its development, we first perform automated tests to avoid any side effects. Any new code is reviewed by another developer. The code won’t be approved if it does not meet our requirements such as unit tests, scalability, documentations... Moreover, our quality assurance team also manually tests the new feature and feedback the development team.

When the feature is developed, the new code is deployed on our pre-production environment to run additional automated tests (such as regression tests) and an additional set of manual tests by our internal team. If everything works as expected, the release will be pushed to our users. Of course, if anything goes wrong, we can patch it or revert to the previous version immediately.

Incident Management and Response

Our support team responds to tickets in a maximum of 48 hours (business days).

Errors related to a lack of knowledge or a misuse of the solution will therefore be processed within this timeframe. User may also use Sparkup’s Help Center to find answers to their questions. Moreover, we classify in 4 levels the possible incidents/bugs:

External Security Audits

SSL audits