Security & privacy you can audit
We don't list certifications we don't hold. This page describes the actual security controls shipping in Spot today.
Multi-tenant by design
Every team owns its data. All tenant models enforce a global team_id scope at the ORM layer — there is no path for one team to read another team's players, layouts, assets or playlists.
Role-based access control
Granular permissions (resource.action) with built-in Owner, Admin, Editor, Operator and Viewer roles. Define your own roles per team.
Full audit trail
Every create, update, delete, publish, command and team-membership change is recorded with actor, IP and timestamp. Reviewable in Settings → Audit log.
Hardened authentication
Laravel Fortify with Argon2-class password hashing, throttling and verified emails. API access uses Laravel Sanctum tokens scoped per device.
Encrypted in transit
HTTPS-only in production. WebSocket connections use wss:// with TLS termination. Player API requires authenticated, signed channels.
Encrypted secrets at rest
Sensitive credentials (API keys, integration tokens) are encrypted at the application layer using Laravel's authenticated encryption.
No card data on our servers
Stripe handles all PCI scope. We store customer and subscription identifiers, never card numbers or CVCs.
Privacy-respecting analytics
Product analytics via Rybbit — no third-party cookies, no cross-site tracking, no selling of data.
Device pairing with OTP
Players are paired via short-lived one-time codes tied to a persistent device identifier. Lost devices can be unpaired with one click.
Offline cache, by design
Players keep playing the last cached content if the network drops. Content updates download in the background and only swap when fully ready.
What we are working toward
Formal SOC 2 / ISO 27001 attestations are on the roadmap. We'll list them here the moment we hold them — not before.