Security & Encryption

sparkXchange is built with security as its foundation. Here's how we protect your intellectual property and data.

Data at Rest Encryption

AES-256

All data stored on sparkXchange is encrypted at rest using AES-256 encryption — the same standard used by banks, government agencies, and military organizations.

Database storage encrypted via PostgreSQL Transparent Data Encryption (TDE)
Infrastructure hosted on AWS with automatic encryption of all volumes
Encryption keys managed through AWS Key Management Service (KMS)
Database backups are also encrypted at rest

Data in Transit Encryption

TLS 1.2+

All data transmitted to and from sparkXchange is encrypted using TLS 1.2+ (Transport Layer Security), ensuring your data cannot be intercepted during transfer.

HTTPS enforced on all endpoints — no unencrypted connections allowed
Certificate pinning for API communications
HTTP Strict Transport Security (HSTS) headers

Access Control & Authorization

Every data access is governed by strict role-based policies enforced at the database level.

Row-Level Security (RLS) policies on every table
Role-based access: student, instructor, admin, district admin, etc.
District admins see only aggregate data — not individual student records
Institutional data isolation — schools cannot see other schools' data

Compliance & Privacy

Platform blocked from search engine indexing (robots.txt + noindex meta tags)
Complete audit trails for all submission activity and ownership changes
Institutional compliance with education data privacy requirements
Anonymous browsing until explicit engagement

Encryption Summary

Layer	Standard	Details
Data at Rest	AES-256	PostgreSQL TDE + AWS EBS encryption
Data in Transit	TLS 1.2+	HTTPS enforced, HSTS headers
Backups	AES-256	Encrypted at rest via AWS
Key Management	AWS KMS	Managed encryption keys with automatic rotation