Skip to content

Security

Learn how Sponja protects your data and your attendees' information with industry-standard security practices.

Last updated: April 1, 2026

This page gives an overview of the security practices we follow building and operating Sponja.

1. Payment

We process payments with Stripe, a PCI DSS Level 1 certified payment provider. Sponja does not process or store any payment card information.

2. Privacy

Sponja does not sell your personal data. We only share data with service providers as needed to operate the platform, and with integrations you explicitly authorize.

You can read more about how we handle your data on our Privacy Policy page.

3. Infrastructure

Sponja is hosted on Vercel, which provides enterprise-grade infrastructure with built-in DDoS protection, automatic HTTPS, and global edge delivery. Our application data is stored with cloud providers that maintain industry-leading compliance certifications, including ISO/IEC 27001 and SOC 2.

4. Encryption

All data is encrypted in transit and at rest. We use TLS/SSL encryption across the Sponja application and API. Sensitive data at rest is encrypted using AES-256.

5. Development Process

Our application code is reviewed for security vulnerabilities as part of our development workflow. Engineers follow industry best practices for secure development, including input validation, dependency management, and least-privilege access controls.

6. Access Controls

Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis. We use multi-factor authentication for internal systems and review access permissions regularly.

7. Incident Response

We monitor our systems continuously for performance, reliability, and security events. In the event of a data breach that poses a risk to your data, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the incident, as required by applicable law.

8. Responsible Disclosure

If you discover a security vulnerability in Sponja, please report it to us at info@sponja.ai. We will acknowledge your report within 2 business days and work to resolve confirmed issues promptly. We ask that you give us reasonable time to investigate and address the issue before any public disclosure.

9. Contact

For security-related questions or to report a vulnerability:

Email: info@sponja.ai
Company: Popup Moments Inc., Delaware, USA

Book a Demo