Security and Compliance at Sparrow Intel

Written By Chad McGuire (Sparrow Intel)

We're frequently asked about Sparrow Intel's security posture, and SOC 2 in particular. Here's how we think about it.

How we leverage Microsoft Azure's certifications

Sparrow Intel runs on Microsoft Azure. Every piece of customer data (reviews, reservations, conversations, guidebooks, AI prompts and outputs) lives in Azure. We do not operate our own data centers and we do not store customer data outside of Azure.

That means the controls Microsoft is audited against also protect your Sparrow Intel data. Azure holds, among others:

  • SOC 1 Type II, SOC 2 Type II, and SOC 3 attestations
  • ISO/IEC 27001, 27017, and 27018
  • HIPAA / HITECH and GDPR alignment
  • PCI DSS and many regional certifications (UK G-Cloud, Australia IRAP, etc.)

The full list of Azure attestations, along with the most recent third-party audit reports, is published on the Microsoft Service Trust Portal.

What this means in practice

  • Data at rest is encrypted by Azure's platform-managed encryption (AES-256).
  • Data in transit is encrypted with TLS 1.2 or higher.
  • Identity is handled by Auth0 (Okta), which is independently SOC 2 Type II certified.
  • Access to production systems is limited to a small number of Sparrow Intel engineers and is audited.
  • Backups are managed automatically by Azure's managed database services.