Security, privacy and compliance

Our founding team includes product managers and engineers who worked at Cloudflare, a leading public cybersecurity company, so we take security and privacy very seriously. We do not and will never sell your data.
We get questions about our data security practices and compliance measures so we wanted to share a bit more about it below:

SOC 2 Type 2 Compliance

Jam is currently working on SOC 2 Type 2 compliance. We will be happy to share our letter of engagement upon request. You can email [email protected] to request the letter of engagement.

Infrastructure

Jam uses Google Cloud Platform as the cloud provider to store data. For GCP, we use the Central US region. Jam uses Cloudflare for CDN. The Chrome extension is distributed through Google’s Chrome app store.

Does Jam backup data?

Yes. Our data retention period depends on the frequency of the snapshots.

Frequency Retention period

Frequency
Retention period
Hourly
2 days
Daily
7 days
Weekly
4 weeks
Monthly
12 months

Encryption

Yes. Data is encrypted at rest (AES-256) and in transit (HTTPS/TLS).

Securing our cloud environment

Access to our cloud services, source code, third-party tools etc. are secured with 2FA.

What are Jam’s practices for reacting to security incidents?

We take security very seriously. We review security issues as soon as we learn about them. We let our users know if they are affected by any security incident.

Has Jam deployed firewalls and intrusion detection and prevention systems in your environment?

Jam uses Cloudflare as a mechanism to prevent attacks on our environment, as well as have firewalls and controls within our GCP project. However it does not have an IDS or IPS running in our production network because the network is fully operated by GCP.

How often is Jam performing vulnerability scans and penetration tests on your own infrastructure?

Jam is using GitHub to store our source code. GitHub provides a vulnerability feed of issues that become known in third party software dependencies used by our source code.

Who should I reach out to if I have a security question about Jam?

If you notice a security issue or have a question or concern, you can reach out to us at [email protected] and we'll respond as soon as possible. Currently, Jam does not have a bug bounty program.