Legal Information

Security Overview

Last updated: October 31, 2021

About

This overview describes the security practices we follow and how we secure your data at Stark. You'll also find information on GDPR requests and how to reach out for more details on anything not covered below.

Security Practices

  • Stark regularly audits changes, additions, and removals to the product throughout its development lifecycle.

  • Manual code reviews are performed in addition to automated tooling.

  • Open-source alerts are in place to address any identified security issues in the third-party code we utilize.

  • Monitoring and alerts are in place for all aspects of Stark's servers and infrastructure to detect potential abuse.

How We Secure Your Data

  • Data is encrypted in transit using TLS. At rest, your data is encrypted with AES-256 block-level storage encryption.

  • Authorization controls are in place throughout to ensure access to your data is limited only to you.

  • Stark uses Stripe for payment processing. Financial data is not stored on our servers. Read more about Stripe’s Security.

  • Stark uses Mixpanel for analytics data. In keeping with our clear separation of user data, personally identifiable information is not stored within Mixpanel. Additionally, Stark does not collect potentially sensitive information relating to your work (documents, images, metadata, etc.) for analytics purposes. Read more about Mixpanel’s security.

Subprocessors

Stark uses the following subprocessors to maintain our service:

  • Salesforce, Inc (Heroku): Application Hosting (USA)

  • Google Cloud Platform (Firebase): Application Hosting (USA)

  • Functional Software, Inc (Sentry): Error Tracking/Logging (USA)

  • Hubspot, Inc: Email Marketing, CRM (USA)

  • Intercom, Inc: Customer Support (USA)

  • MailerLite Limited: Email Communications (USA)

  • Mixpanel, Inc: Data Analytics (USA)

  • Stripe, Inc: Payment Collection/Processing (USA)

Vulnerability Disclosure Program

If you've found a vulnerability or security issue, we'd appreciate your feedback; please reach out to us at security@getstark.co so we can work to address it.

GDPR Compliance

Users can opt in or out of our analytics gathering at any time via the Dashboard. Additionally, users can delete their own accounts without the need to reach out to us. For GDPR deletion (to remove any analytics data associated with a user), please reach out to us at support@getstark.co.

More Info

Still have questions? Reach out to us at support@getstark.co. Also, be sure to check out the following links: