01.
Access to systems is granted on a least‑privilege basis and reviewed regularly.
Security and
privacy at Spot
We secure your parking data from curb to cloud — every permit, plate read, and citation stays completely private.
Governance
Spot Parking's Security and Privacy teams implement robust policies and controls, monitor compliance, and ensure our security practices meet the highest standards.
02.
Every team member completes security training upon onboarding and annual refreshers thereafter.
03.
We engage third‑party security firms for annual penetration tests covering our applications and cloud infrastructure.
04.
We monitor logs and alerts 24/7, with on‑call rotation to ensure prompt investigation and remediation.
Data Protection
Data at rest
All data is encrypted at rest using AES 256 encryption. We use Amazon RDS for PostgreSQL, which provides automated backups and point-in-time recovery.
This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
Data in transit
Spot Parking uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.
Secret Management
Spot Parking uses AWS Secrets Manager to securely store and manage application secrets such as API keys, database credentials, and other sensitive information.
For user authentication and authorization, Spot Parking leverages Amazon Cognito. User passwords are hashed and salted using industry-standard algorithms before being stored in the database.