Security Standards

These Security Standards are effective as of June 1st, 2019

We take the security of your data very seriously. We do realize that data is one of the most valuable assets you have these days.

Definition of category

Content data: questions, polls, pictures and all other content provided by participants and facilitators in the Sparkup app and CMS

Purchase data: information about the Sparkup plan and price

Payment data: information about billing

Technical data: information saved in our infrastructure, such as IP, device type …


According to our Terms, all your account data is private. If you are using a “Free trial” account, all data provided in the Sparkup app is considered public and can be shared on the Internet.

If you care about your data, we recommend using the paid version of Sparkup. When it comes to staff and third parties, anyone who can view Customer data is contractually obligated to keep it confidential.

Data Manipulation

As a user, you can export complete results of your sessions via the Sparkup Studio. Sparkup undertakes to respect the General Data Protection Regulation upon its entry into force. Sparkup shall not use the shared data for commercial purposes in any way. Shared data shall not be resold nor sub-processed by third parties. Any user may request the data kept by Sparkup, have access to it and ask to change or delete it by sending an email to Sparkup undertakes to respond to this request within a maximum period of fifteen days. All data may be kept for a maximum period of one year.


Sparkup uses AWS as its infrastructure provider. We have different regions.

  • Asia servers are located in the AWS datacenter in Tokyo (Japan)
  • Europe servers are located in the AWS datacenter in Paris (France)

AWS infrastructure has multiple certifications such as ISO 27001 and HDS. For more information

Sparkup infrastructure


Connections between participants, facilitators and Sparkup servers use HTTPS, and our technical team can only access servers through a VPN to a bastion server.


Our infrastructure is monitored by external services such as New Relic.

Network requirements

The following information is related to the requirements that you should pass on to your CIO or the IT service at the event venue. In some companies and at event venues the internal networks may be limited. These requirements will allow you to make sure that you will be able to easily access the Sparkup platform on the day of your event.

Internet connection

To use the Sparkup platform you will need a stable Internet connection. Here are the necessary requirements:

  • The network should allow all the users to connect at the same time (participants + facilitators)
  • The recommended speed is 1,6Mbits/s per participant (minimum 1Mbit/s per participant)
  • This will allow you to use the application in the best conditions.

Extra recommendations

  • Use a dedicated network,
  • Use a wired Internet connection for the facilitator's computer (which will allow you to avoid getting disconnected),
  • Limit the bandwidth per user (e.g.: 1Mbits/s per participant),
  • In case of problems with Wi-Fi make sure you have somebody you can contact,
  • Using the 4G network is an advantage in case there is a Wi-Fi network failure,
  • Have a smartphone with a 3G/4G network connection in order to quickly create a Wi-Fi network and share Internet if there are any problems.


You must allow outgoing TCP connections from devices to the Internet on the HTTPS port (443). Our servers do not establish any incoming connections.


You must authorise WebSocket connections with a 10-minute timeout for the following domains:

  • *


The network can have a proxy if:

  • the proxy doesn't block access to HTTPS of our online servers
  • the proxy doesn't modify content of HTTPS requests made by our Web services.

Online servers

We use Amazon Web Services and Online servers. All data is stored in the Paris region.


The DNS server advertised by the DHCP server must respond correctly to requests sent by devices for addresses in the following domains:

  • *

Mosaic specific requirement

  • WebRTC protocol enabled to *,
  • Mosaic servers IP:,,,
  • MSE protocol enabled on browsers,
  • Allow the use of a STUN server to initiate the connection
  • Port 3478 UDP+TCP
  • For the best possible experience, we recommend opening UDP ports 1025 - 65535.

Checking the app (after configuring the network)

Open your browser and follow this test link.

Click on "Starting Test". Wait for 60 seconds and make sure that the status changes from "Waiting" to "Success".

Software Development Lifecycle

We do frequent releases to always provide the best experience to our customers. To do so, we follow our own development process using all the values of agile methodologies. We have been optimizing our workflow for years thanks to different types of feedback and lessons learned.

Our roadmap is built from customer feedback, internal feedback and market expectations.

New features or important modifications to the product will be communicated to our customers at least 1 month before the release. Each new feature is then correctly specified by a Product Owner with the help of our lead developer. During its development, we first perform automated tests to avoid any side effects. Any new code is reviewed by another developer. The code won’t be approved if it does not meet our requirements such as unit tests, scalability, documentation... Moreover, our quality assurance team also manually tests the new feature and gives feedback to the development team.

When the feature is developed, the new code is deployed on our pre-production environment to run additional automated tests (such as regression tests) and an additional set of manual tests by our internal team. If everything works as expected, the release will be pushed to our users. Of course, if anything goes wrong, we can patch it or revert to the previous version immediately.

Incident Management and Response

Our support team responds to tickets in a maximum of 48 hours (business days).

Errors related to a lack of knowledge or a misuse of the solution will therefore be processed within this timeframe. Users may also use Sparkup’s Help Center to find answers to their questions. Moreover, we classify possible incidents/bugs into 4 levels:

  • Minor - does not directly affect the use of the product. A review every 3 months at most will be applied to the solution to address minor feedback.
  • Major - troublesome problems, but the user can still use the application with, if needed, a possible workaround proposed within 48 hours. Resolution time between 1 and 5 days.
  • Blocker - the user can no longer use the solution and no workaround is possible. These problems are escalated to our development team and become the team's priority. Response time in 24h maximum. Resolution time between 1 and 3 days.
  • Security breach - Any security breach will be taken very seriously and escalated to our development & security team so that they can react promptly. Sparkup has incident management policies and procedures in place to handle such an event. If the complete correction of the incident may take too long, we will first implement a palliative patch to quickly respond to the vulnerability.

External Security Audits

SSL audits