Security and
privacy at Spot

All data is encrypted at rest using industry-standard AES 256-bit encryption, ensuring strong protection for sensitive information. Our infrastructure is built on secure, cloud-based database services that support automated backups and point-in-time recovery to safeguard against data loss.

In addition to encryption at rest, we apply encryption measures before data is ever stored, adding an extra layer of protection. This means that even with physical or system-level access, unauthorized users cannot read the most sensitive information, reinforcing the security and integrity of our data storage practices.

Spot Parking enforces the use of TLS 1.2 or higher for all data transmitted over networks that could be considered insecure, ensuring strong encryption for data in transit. To further enhance transport security, we implement features such as HTTP Strict Transport Security (HSTS), which helps prevent protocol downgrade attacks and cookie hijacking.

Our server certificates and TLS keys are securely managed and automatically deployed through our infrastructure, ensuring that all connections remain encrypted and trusted without manual intervention.

Spot Parking securely stores and manages sensitive application data such as API keys, database credentials, and access tokens using a dedicated secrets management system designed for high availability and strict access control.

For user authentication and authorization, Spot Parking utilizes a modern identity management system that adheres to industry best practices. User passwords are never stored in plain text—they are hashed and salted using strong, proven algorithms before storage to ensure confidentiality and protect against unauthorized access.