Sparky Scout runs on Cloudflare Workers and related Cloudflare data services. Production services are separated from development and staging environments.

Administrative actions and setup changes are protected by scoped secrets and environment-specific configuration.

Provider tokens and sensitive credentials are encrypted before storage. Secrets are managed outside the source repository.

Workspace data is scoped by workspace identifiers so connected provider records, subscriptions, and indexed content remain isolated by customer workspace.

Operator access is limited to personnel who need it for support, deployment, billing, or incident response.

Logs avoid exposing secrets and should be treated as operational records for troubleshooting and audit review.

AI requests are routed through configured providers only to deliver the requested product behavior. Sparky Scout sends the minimum project context needed for the task.

Customers should avoid connecting repositories, channels, or meeting sources they do not want Sparky Scout to process.

Security concerns can be reported to support@sparkyscout.com. Include affected workspace, timestamps, and a concise description when possible.

We triage reports based on severity and notify affected customers when an incident materially impacts their workspace data or service availability.