MishiSpark
TrustSign inSign up
Security & Trust

Your data security is our top priority

MishiSpark is built with enterprise-grade security, strict privacy controls, and transparent AI practices to protect your retail data at every step.

Last updated: February 2026

Security & Encryption

Enterprise-grade protection at every layer of our infrastructure.

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • OAuth 2.0 authentication for API integrations
  • Google Cloud Platform infrastructure with built-in DDoS protection

Privacy & Data Handling

Your data belongs to you. We collect only what's needed to deliver insights.

  • Minimal data collection — only what's required for analytics
  • We never sell or share your data with third parties
  • Configurable data retention controls
  • All data stored in US-based data centers

Compliance & Certifications

Meeting the standards that matter for retail data protection.

  • GDPR-ready data processing and export capabilities
  • CCPA compliant with consumer privacy rights support
  • PCI DSS awareness for payment-adjacent data handling
  • SOC 2 Type II certification planned for 2026

AI Transparency

Clear, honest practices around how we use AI to generate your insights.

  • Your data is never used to train AI models
  • Explainable insights — see the reasoning behind every recommendation
  • Human-in-the-loop design for all critical decisions
  • Powered by Anthropic's Claude API with enterprise data agreements

Built on trusted infrastructure

GCP Hosting

Google Cloud Platform with 99.9% uptime SLA

Automated Backups

Continuous database backups with point-in-time recovery

24/7 Monitoring

Real-time alerting on performance and security events

Frequently asked questions

Where is my data stored?

All data is stored in Google Cloud Platform data centers located in the United States. Data is encrypted at rest using AES-256 and in transit using TLS 1.3.

Can I delete my data?

Yes. You can request full deletion of your account and all associated data at any time from your account settings or by contacting our support team. We process deletion requests within 30 days.

Is my data used to train AI models?

No. Your store data is never used to train AI models. We use Anthropic's Claude API under enterprise agreements that explicitly prohibit using customer data for model training.

How do you handle security incidents?

We maintain an incident response plan with defined escalation procedures. In the event of a data breach, affected customers are notified within 72 hours in accordance with GDPR requirements.

How can I report a security concern?

Please email security@mishipay.com with details. We take all reports seriously and aim to acknowledge receipt within 24 hours.

Have security questions?

Our team is ready to help with any security or privacy concerns.

Contact Security Team