How Sparky Trips keeps your data safe.
Infrastructure
Sparky Trips runs entirely on Cloudflare's global edge network — Workers, D1 (database), KV, and R2 (object storage). We don't operate our own servers for the application itself, which means no single data center is a single point of failure, and traffic is served from wherever's closest to you.
Data isolation
Every organization's data is isolated at the database-row level, scoped by organization id, and every request is checked against your role and plan before it can read or write anything. Team members only see what their role permits.
Encryption
All traffic to Sparky Trips is encrypted in transit via HTTPS/TLS. Backups are encrypted at rest.
Authentication
Sign-in is handled via Keycloak, an industry-standard open-source identity provider, using OAuth 2.0 with PKCE. We never store your password in plaintext, and support is built in for organization-level access control (owner/admin/member roles) and audit-friendly permission checks on every action.
Backups
Infrastructure backups run automatically and are pushed to a separate, dedicated cloud storage location distinct from where your live data lives — so a problem with one doesn't affect the other. Backups are retained on a rolling schedule and are never used for anything other than disaster recovery.
Payments
We never see or store your card details. Payment processing is handled entirely by Razorpay, a licensed payment aggregator; Sparky Trips only ever receives a confirmation of payment status, never card data.
Responsible disclosure
If you believe you've found a security issue in Sparky Trips, please email us directly at security@sparkyminis.com rather than filing a public issue — we'll respond promptly and credit responsible disclosures once resolved.