Spike

Security

How we protect your data and your users

Encryption

  • All data is encrypted in transit using TLS 1.3
  • Database encryption at rest using AES-256
  • Passwords hashed using bcrypt with salt
  • API keys and secrets stored in encrypted vaults

Infrastructure

  • Hosted on secure cloud infrastructure
  • Regular security patches and updates
  • DDoS protection and rate limiting
  • Automated backups with point-in-time recovery
  • Geographic redundancy for high availability

Spam Protection

  • Honeypot fields to catch bots
  • reCAPTCHA v2 and v3 support
  • Keyword-based spam detection
  • Rate limiting per form and IP
  • Domain restriction to prevent abuse

Privacy

  • We never sell your data or submission data
  • Minimal data collection - only what's necessary
  • GDPR compliant data handling
  • Data export and deletion on request
  • No third-party tracking on your forms

Access Control

  • Secure authentication with JWT tokens
  • Session management with automatic expiry
  • API keys with granular permissions
  • Audit logs for all account actions

Vulnerability Reporting

Found a security vulnerability? We appreciate responsible disclosure.

Contact us at security@spike.ac