At atSpoke, we’re committed to delivering forward-thinking technology while honoring the responsibility to safeguard the data customers share with us. We have taken a multi-tiered security approach in the design of our application and maintain that standard through secure development practices combined with a number of third-party assessments. Our focus remains on releasing product features that empower workplaces without sacrificing security.

We know that entrusting us with your internal corporate data is an important decision. We have therefore taken numerous steps to create a strong security program that provides the reassurance you need. We ensure that each customer’s data is kept safe and separate from other customers’ data, and we apply the same principles of limited access to our own staff. atSpoke doesn’t view your data unless you’re aware, and we will never create any sort of meta-reporting that can be resold later. Our business is laser-focused on delivering the value we promise, and nothing else.


People, process and technology are all considerations in how we approach information security and data privacy. To validate the effectiveness of our internal security controls, we engaged an independent auditor to assess our compliance with a framework that is specifically designed for software-as-a-service (SaaS) providers.

atSpoke currently holds a report on compliance for the SOC 2 Type 2 standard, which outlines our philosophy and approach for information security management, risk assessment, board oversight, and third-party risks, among other principles.

All customer payments accepted by atSpoke via credit card are processed in compliance with the current Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is designed to ensure that any merchant accepting credit card payments implements appropriate protective measures to protect cardholder data from theft or fraudulent use. At a high level, to comply with the standard, we continue to:

At atSpoke, we have selected the secure payment technology company Stripe for our credit card processing needs. Using Stripe, no cardholder data is ever stored or processed on atSpoke’s servers. For PCI compliance, all atSpoke payment data and transaction processing are delegated to Stripe. Stripe is certified to the highest industry standards, including PCI DSS Level 1 certification and various rigorous standards across the globe.

We complement our own compliance achievements by hosting our services in Google Cloud Platform, a state-of-the-art data center environment utilizing innovative architectural and modern engineering approaches. Google’s data centers have been validated for compliance against a number of strict standards, regulations and assorted frameworks. To learn more about Google’s Trust and Compliance, see:

For inquiries regarding our information security practices at atSpoke, or to provide feedback or suggestions to our team, please email us at To report an identified security vulnerability in our application, please email us at


atSpoke is a service provider, as defined by the California Consumer Privacy Act of 2018 (“CCPA”), which is a California state law that went into effect on January 1, 2020. CCPA gives California consumers new privacy rights and creates new obligations for businesses that are covered by the law.

The rights for California consumers include:

It is important to note that atSpoke will never engage in the sale of personal information. Our business has processes in place in order to respond to consumer requests related to the CCPA. 

In an effort to comply with this new law, we implemented the following measures:


The EU General Data Protection Regulation (GDPR) is a new comprehensive EU data privacy law which took effect on May 25, 2018. 

Under GDPR, atSpoke is a data processor. We therefore provide support to data controllers to enable them to fulfill their obligations under GDPR, and will refer any direct inquiry from consumers and end-users to the respective data controller for handling.

At atSpoke, we have taken various steps to give customers assurance that the use of atSpoke’s products and services is consistent with the GDPR:

Subprocessors: atSpoke uses third-party services for business & operational efficiency. These subprocessors have limited access to requisite customer data in order to provide specific functionality within our service. We establish data protection agreements that require third-party services to adhere to confidentiality and privacy commitments that we have made to our customers. atSpoke uses the following subprocessors:

Google, Inc. - Cloud Service Provider
MongoDB, Inc. - Cloud-based Hosted Database
Mailgun Technologies, Inc. - Cloud-based Email Service Provider
Intercom, Inc. - Cloud-based Customer Support Services
Stripe, Inc. - Cloud-based Payment Processor
Salesforce, Inc. - Cloud-based Customer Relationship Management
Twilio, Inc. - Cloud-based SMS Services
Mixpanel, Inc. - Cloud-based Analytics Services
Cloudinary, Inc. - Cloud-based File Storage Services
Stitch, Inc. - Cloud-based Analytics Pipeline Services
Mode Analytics, Inc. - Cloud-based Analytics Services
DataDog, Inc. - Cloud-based Logging Services
, Inc. - Cloud-based In-app Onboarding Solution

We will update this page periodically to reflect current information regarding subprocessing associated with the atSpoke service. Prior to any changes to subprocessor relationships, we will provide notification to customers of any proposed updates in accordance with our contractual or legal obligations.

If you would like to request a copy of our Data Protection Agreement or if you have any other privacy-related questions, please email us at

Application & Product Security

Resilient and Secure Architecture

Secure Build

Personnel Practices

Effective | July 12, 2021
