Yes! We take security very seriously. Here are a few steps we take to protect your information:
We don’t have access to your most sensitive information
Our payment processor, Stripe, is trusted by millions of businesses, including Target, Amazon, Spotify, Lyft, Postmates, and more. When you add a credit or debit card to your Sparkle Stories account, Stripe handles the details—we never see your credit card number or verification code.
We protect your account password by irreversibly transforming it into a unique fingerprint upon receipt (individually salted and hashed with bcrypt). We never store the original in logs or databases. When you log in, we run the same transformation on the password you provide and compare it to the fingerprint on file to authenticate your access.
We secure communications between your browser and our service
Our website uses HTTP Strict Transport Security to ensure your browser never connects to our website in an insecure manner. We use TLS 1.3 with all browsers that support it and fall back to TLS 1.2 for older browsers. Our TLS certificate management is automated, with routine verification to avoid the possibility of serving an expired or out-of-date certificate. We don’t reference or link to websites that aren’t utilizing transport layer security.
We use enterprise-grade, secure infrastructure and processes
We rely on professionally managed platforms and infrastructure with automated security updates and patches to protect against attacks. Our application and its dependencies are automatically monitored for vulnerabilities. Additionally, we undergo annual compliance reviews to ensure adherence to PCI DSS v3.2.1.