Skip to main content
All CollectionsGDPR/Privacy
Spond Platform Security
Spond Platform Security
Updated over 3 months ago


Platform Security

Spond is proud to assist millions of coaches, players, volunteers, and many others in organizing the activities they love. Protecting the data of our users is a top priority for Spond, and this article will provide you with some high-level insights into the security controls we have in place.

Cloud provider and data location

Spond’s infrastructure is hosted by Amazon Web Services (AWS), one of the world’s most comprehensive and adopted cloud platforms with a proven track record for security.

Data related to our platform is located in the EU, more specifically in Dublin, Ireland and Frankfurt, Germany.

AWS is accredited with several certifications, including but not limited to SOC II, ISO 27001 and CSA STAR. Downloadable copies of ISO 27001 and CSA STAR can be found here, and information about AWS’ compliance with SOC can be found here.

Quality assurance

The platform is continuously tested, both via automated and manual testing.

Payments

Spond does not process payments nor store card details. Payment services within Spond are provided by Spond’s payment providers, including Stripe, Checkout and Nets.

Penetration testing

Penetration testing of the Spond platform is performed at least once per year by an independent security research company.

Encryption

Client-to-server sessions are encrypted using TLS 1.2 or a higher version, depending on client compatibility. Internal service communication is both authenticated and encrypted.

All data storage and databases are encrypted.

Support

Spond has support through email and chat, including an on-call engineering team for triage.

Backup and recovery

The Spond platform is making use of continuous backups, also known as Point-In-Time Recovery, which allow up-to-the-minute data restoration. In addition, full backups are performed on a daily basis with copies across regions for added availability and resilience.


Privacy & Legal

Privacy by design

Development at Spond is guided by the principle of Privacy by Design. New features’ impact on privacy is carefully assessed before being selected for development.

GDPR and Data Protection Authority

Spond is based in Norway, and thus reports to the Norwegian Data Protection Authority (Datatilsynet) and is required to implement and adhere to the GDPR.

Dedicated Data Protection Officer & Legal team

Spond has a dedicated Data Protection Officer as well as access to a dedicated legal team for privacy related matters. If you have any questions about this, please contact us.

Sub-processors

Spond uses third-party service providers for delivering parts of the service. All third-party service providers are required to enter into a Data Processing Agreement with Spond. Spond maintains a list of all sub-processors and affiliates. Spond’s list of sub-processors and affiliates can be accessed here.

Did this answer your question?