Security at Sparrow

Sparrow utilizes enterprise-grade best practices to ensure our customer’s security.

Our security commitment

At Sparrow, customer trust is our top priority.

We maintain the highest standards of data privacy and security because we know your employee data is important to keep secure. Sparrow undergoes regular penetration testing and security reviews, and encrypts data at rest and in transit.

Our customers entrust sensitive data to our care. Keeping it secure is our promise.

The Sparrow Team

Application Security

We make sure our security practices don’t only meet industry standards, but set them.

Data Encryption

Data is encrypted in-transit using bank-grade TLS 1.2. Data is encrypted at-rest.

Data Permissions & Authentication

Access to customer data is limited to authorized employees who require it for their job and data access is logged.

Data Privacy

Sparrow uses industry best practice controls used to manage customer Data Privacy.

Incident Response

Security breaches will be communicated promptly, and vulnerabilities are fixed ASAP.

Enterprise Ready Compliance

ISO 27001

Sparrow’s commitment to continually and comprehensively managing and improving our physical, technical, and legal controls is recognized by the ISO 27001 certification, the premier international information security management system standard.

ISO 27701

Recognized for handling its customers’ sensitive data securely, Sparrow attained its ISO 27701 certification, a globally acknowledged standard that outlines the requirements for Privacy Information Management Systems (PIMS).

ISO 22301

Sparrow earned its ISO 22301 certification, an international standard validating its implementation of a robust Business Continuity Management System (BCMS) to ensure the resilience and continuity of its operations in the event of disruptions.

SOC 2 Type II

Sparrow has been audited by an independent firm who has confirmed that Sparrow meets the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.


GDPR has some of the most stringent privacy standards worldwide. Sparrow is GDPR compliant in accordance with AT-C 315 indicating that Sparrow provides enterprise-level security for customers’ data secured in the Sparrow System.

Ongoing Commitment
to Security

Penetration Tests

Sparrow works with industry leading security firms to perform annual network and application layer penetration tests.

Employee Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Secure Software Development

Sparrow utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Security Team

Sparrow employs staff responsible for reviewing, updating, testing and maintaining our security and privacy policy.

Sparrow Responsible Disclosure Policy

Data security is a top priority for Sparrow, and Sparrow believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability, please notify us. We will work with you to resolve the issue promptly.

Read Our Security Policy

Still have questions about
Security at Sparrow?

Contact Our Security Team