Security
Spronta is built on Cloudflare's infrastructure, with encryption at every layer and strict multi-tenant isolation. Here's how we protect your images and data.
Data in transit
All data between clients and Spronta is encrypted using TLS 1.2 or higher. HTTPS is enforced on all endpoints — HTTP requests are redirected automatically. Presigned upload URLs expire after 10 minutes.
Data at rest
Images are stored in Cloudflare R2, which encrypts all data at rest using AES-256. Spronta enforces multi-tenant isolation at the API layer — each site's images are stored under a unique namespace and cannot be accessed by other tenants.
Infrastructure
Spronta runs on Cloudflare Workers and R2, distributed across Cloudflare's global network with 300+ data centres. DDoS protection and rate limiting are applied at the network layer. API keys are hashed before storage and never logged.
Access controls
API keys are scoped to individual projects. Each request to the platform API must include a valid API key. The CDN serves images publicly by default — private image delivery with signed URLs is on the roadmap.
Compliance & certifications
Data processed in the EU / UK
UK registration ZC017195
Targeted for Q3 2026
Found a security issue? Please report it responsibly to security@spronta.com