Your data security is our top priority
MishiSpark is built with enterprise-grade security, strict privacy controls, and transparent AI practices to protect your retail data at every step.
Last updated: February 2026
Security & Encryption
Enterprise-grade protection at every layer of our infrastructure.
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption for all data in transit
- OAuth 2.0 authentication for API integrations
- Google Cloud Platform infrastructure with built-in DDoS protection
Privacy & Data Handling
Your data belongs to you. We collect only what's needed to deliver insights.
- Minimal data collection — only what's required for analytics
- We never sell or share your data with third parties
- Configurable data retention controls
- All data stored in US-based data centers
Compliance & Certifications
Meeting the standards that matter for retail data protection.
- GDPR-ready data processing and export capabilities
- CCPA compliant with consumer privacy rights support
- PCI DSS awareness for payment-adjacent data handling
- SOC 2 Type II certification planned for 2026
AI Transparency
Clear, honest practices around how we use AI to generate your insights.
- Your data is never used to train AI models
- Explainable insights — see the reasoning behind every recommendation
- Human-in-the-loop design for all critical decisions
- Powered by Anthropic's Claude API with enterprise data agreements
Built on trusted infrastructure
GCP Hosting
Google Cloud Platform with 99.9% uptime SLA
Automated Backups
Continuous database backups with point-in-time recovery
24/7 Monitoring
Real-time alerting on performance and security events
Frequently asked questions
Where is my data stored?
All data is stored in Google Cloud Platform data centers located in the United States. Data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Can I delete my data?
Yes. You can request full deletion of your account and all associated data at any time from your account settings or by contacting our support team. We process deletion requests within 30 days.
Is my data used to train AI models?
No. Your store data is never used to train AI models. We use Anthropic's Claude API under enterprise agreements that explicitly prohibit using customer data for model training.
How do you handle security incidents?
We maintain an incident response plan with defined escalation procedures. In the event of a data breach, affected customers are notified within 72 hours in accordance with GDPR requirements.
How can I report a security concern?
Please email [email protected] with details. We take all reports seriously and aim to acknowledge receipt within 24 hours.
Have security questions?
Our team is ready to help with any security or privacy concerns.
Contact Security Team