At SparqFest, we have put a lot of work into both data security and privacy. The core areas of focus are:
- Enabling you to adhere to various data sovereignty and privacy laws
- Giving users maximal control over their own data
- Ensuring the integrity of e-commerce transactions and making sure we are not a vector of attack on anyone's financial or password data
- Protecting the intellectual property of your filmmakers
Security Audits and Transparency
We are openly transparent with respect to all of our information security practices and procedures, and we are happy to share, where relevant, our written policies relating to information security, security architecture, and business continuity.
Some entities may require a security audit prior to engaging with any new vendor. We openly support such requirements as long as they do not violate the terms of service of our cloud provider, Amazon Web Services (in particular, as it relates to penetration testing). Any requested security audit will happen at the expense of the customer based on the time commitment required for the audit. We can provide a security engineer for a one-time, half-hour online Q&A for no additional cost.
Data Privacy
There are two components to our approach to data privacy:
- Practical
- Regulatory
The practical component of our approach to data privacy is how we protect user data independent of any laws in relevant jurisdictions. This component involves what information we collect, how we store it, and how it is shared.
The regulatory component governs the features we have implemented to enable you to adhere to specialized regulatory frameworks such as the EU GDPR or Canada's PIPEDA.
Practical Data Privacy
We simply do not collect information that isn't necessary for the function of our system.
Our Governing Principle: You own your data
And, consequently, we do not. We do not use the specific data from your festival and your stakeholders for any purpose other than to support the functionality for which you have subscribed.
Every question we ask a member of your staff, a creator, a judge, or an audience member serves the needs of delivering an online site in support of a film festival. We do, however, provide you with tools for asking people for additional data. As a rule, you should not ask anyone for information not related to the functioning of your festival. UNDER NO CIRCUMSTANCES SHOULD YOU ASK PEOPLE FOR SENSITIVE DATA LIKE CREDIT CARDS, PASSWORDS, OR SOCIAL SECURITY NUMBERS.
The data we collect is stored inside a database in Amazon Web Services. Any data that might have any level of sensitivity are stored encrypted in the database. Because we use Google and Apple for authentication, we do not store any user passwords and thus cannot be an attack vector for a password compromise. Examples of things we encrypt in the database:
- Notes saved by judge's about selections
- Passwords from FilmFreeway for the video screeners hosted by Vimeo or YouTube
- Any security tokens from any third-party accounts you have connected to your SparqFest account
- Temporary access tokens
Finally, we don't share your data or that of your stakeholders with anyone. Your data stays in your database and on your web site unless you yourself download that data and share it elsewhere. We do perform regular backups, but those backups stay in our Amazon Web Services account and are protected with access controls. We also replicate our databases across multiple data centers (with certain limitations discussed in the next section). Again, however, that synchronization sits entirely within our own AWS account and never leaves our control.
Regulatory Support
We do not claim to be compliant with GDPR, PIPEDA, or any other specific regulatory framework. Much of compliance with such frameworks rests in your hands. However, we have provided you with tools to enable you to be in compliance with most frameworks.
Data Sovereignty
The first important element of regulatory support lies in the concept of data sovereignty. From a data sovereignty perspective, it is not good enough that the data belonging to you and your stakeholders never leaves our control. It must additionally never leave the jurisdiction of that stakeholder. Our hosting is therefore segmented into regulatory centers. We have three such centers:
- Canada
- EU
- Global
Our Canadian regulatory center supports Canadian data sovereignty. Festivals that must adhere to PIPEDA or simply want to ensure their data sits in Canada can opt to host in this regulatory center. Data in this regulatory center never leaves Canada unless you or your team take it out of SparqFest and move it to another location. At this time, there is only one hosting location in Canada. Sites hosted in Canada thus lack the added redundancy of data replication we provide to survive the complete failure of an Amazon Web Services data center.
Similarly, our EU regulatory center supports EU data sovereignty with the goal of supporting any festival concerned about GDPR or simply the concerns of EU citizens. We have two locations in the EU (Dublin and Paris), so data for sites hosted in one location is replicated to the other.
The “Global” regulatory center provides no data sovereignty protections. Data is replicated for maximum system resilience at the cost of having data cross jurisdictional borders. The locations in this global regulatory center are: Northern California, London, São Paulo, Sydney, and Singapore.
If you have a need for a data sovereignty framework that is not supported by the above options, reach out to us. We are able to host in 26 different locations around the world.
Cookie Notices
We have the ability to prompt users to accept/reject cookies as some regulatory frameworks demand. The default SparqFest configuration is for sites hosted in the EU to present cookie notices to visitors with other sites not presenting them.
Regardless of whether we serve up a notice, each user has the ability to edit their privacy settings to accept or reject “cookies” that are not necessary for the functioning of the site.
Right to Be Forgotten
Many regulatory frameworks require sites to implement a concept called “the right to be forgotten”. The right to be forgotten means that a user can request that the web site forget who they are, resulting in all data about that user (with some exceptions) being deleted.
We support this right to be forgotten and a delete operation on a user that deletes all personal information about a user without damaging the system. Our approach to this is to replace any user record with empty data so you still have traceability on things like ticket purchases without having access to information about the person behind the purchase.
System Emails and Email Marketing
SparqFest sends two kinds of system emails to you:
- Transactional Emails (emails necessary for the function of your festival)
- Marketing Emails (emails that notify you of SparqFest events, tips, or other marketing things)
You have the ability to unsubscribe from marketing emails, but you cannot unsubscribe from transactional emails.
We send only transactional emails to your stakeholders and never pull information about your stakeholders into our own email marketing systems.
One SparqFest feature is the ability to add new contacts to your email marketing tool. It is important for you to understand the relevant laws about pulling contact information into email marketing tools and making sure your use of SparqFest and your email marketing tool complies with those laws.
Credit Cards and E-commerce Transactions
Want to learn more about Stripe?
Stripe enables major retailers to adhere to all laws relating to e-commerce transactions and is our payments gateway vendor. You can learn more about them and the way they operate on their web site.
We do not store credit cards, banking information, or tax information. Instead, we delegate all of that to Stripe who specializes in payments processing. Our approach to this kind of data is simple: we don't want to touch if we don't have to, and we never store it outside of Stripe.
When someone makes a payment or saves a method of payment, Stripe directly captures the credit card method and stores it securely in their systems. SparqFest never sees or has access to that credit card information. When we request credit card information from Stripe, we see only the last four digits of the credit card and the expiration date.
We briefly touch banking and tax information in some select cases, but only to pass it on to Stripe for secure storage. We do not store this information ourselves. Once it has been sent to Stripe we no longer have any access to it other than the last four digits of the account and the name of the bank.
Disputes
Unless the reason for a dispute results from our negligence, you are responsible for resolving all disputes with your audience members. A successful dispute results in a $15 charge (from Stripe, not us) in addition to the loss of funds associated with the transaction.
Fortunately, SparqFest simply isn't a good vehicle for credit card fraud because we have an established, known relationship vetted by Stripe with each festival, All disputes we have faced to date have been people who bought tickets for a festival but did not recognize the charge on their credit card.
To minimize the number of disputes, we send each person a receipt that includes information about how the charge will appear on their credit card. You can access these receipts in the Staff Portal under “Account” > “Users” and searching for that audience member.
In the event someone disputes a charge, we will contact you with the dispute information. You are then responsible for reaching out to the person who has filed the dispute to get them to rescind the dispute. Emailing them with a copy of their receipt should be enough. In fact, just mentioning the name of the festival tends to end all disputes.
Access to Your Bank Account
Unless you setup a bank account for payment (which we don't currently support), money flows between SparqFest and your bank account are one-way: we only send you money. We cannot trigger a debit on your bank account.
We obviously have the ability to charge your payment method for your subscription renewals. At this time, we support only credit cards for any kind of payments. SparqFest (accidentally or intentionally) debiting your bank account should therefore not be a concern.
Intellectual Property Protection
Our goal with respect to intellectual property protection is to provide a “good enough” solution for independent filmmakers at a reasonable price-point with options for higher levels of DRM support for people who need to pay for studio-grade protection.
First, some basics:
- We do not support or allow the download of video or audio assets by the public. We allow only real-time streaming of video and audio files.
- All video and audio content is streamed over an encrypted encryption to known end-users.
- We log all access to all content.
In other words, no matter what you are paying, our base line delivery of content virtually eliminates the ability of casual pirates to steal filmmaker IP. In fact, it's good enough that we don't recommend paying more for higher level DRM unless you have contractual or insurance obligations that require it.
Asset Storage
We store the master copies of all assets securely in our cloud storage environment. The public has no access to this repository. Only festival staff and SparqFest staff have direct access to this repository. If you have enabled cloud storage synchronization, we also send these assets to your cloud storage account.
When we receive a video asset, we immediately ingest it for streaming. When we receive an audio asset, we convert it into a video asset and treat it thereafter as a video asset.
We delete all exhibition copies (e.g. films, episodes, podcasts) 30 days after the last day of the edition in which a work was selected. We retain only the trailers, posters, and other meta-data. We do not, however, delete anything from your cloud storage. It is up to you to delete the exhibition copies from your own storage devices, whether you downloaded them there yourself or used our cloud storage synchronization capabilities.
Streaming
As noted above, the first thing we do with any media asset is transcode it for streaming. When someone streams, they are not downloading a file. Instead, they are receiving bits into “player” software that reads and discards those bits from the network. Nothing is saved to the hard drive and the data may actually vary in quality and content (e.g. as if they were from different source files) based on changes in network quality as the video plays.
Access to streamed content is governed by a viewer's access rights and does not allow for them to download the original or save the streamed content. We log who watches each stream, when they watch it, and their IP address. The stream is delivered over an encrypted connection and cannot be intercepted by a third-party unless the underlying network has already been compromised.
Digital Rights Management (DRM)
While it is possible for a motivated pirate with the appropriate technical skills can bypass our basic controls and convert a stream into a media file, DRM adds little more than an additional speed bump for that pirate. Given the cost associated with Hollywood-grade DRM, we do not employ such measures on top of our basic streaming service.
In spite of the limited practical benefits of additional DRM, there may be some situations that contractually require such measures. Hollywood studios, for example, will not allow any kind of streaming of their content without an approved DRM solution. If your festival is working with a studio with such requires, contact our support team for a DRM quote.