Jam is built to meet enterprise security standards. Your data is encrypted at rest and in transit with AES-256, stored on Google Cloud Platform, and audited annually by third parties. This page covers how Jam handles your data, what compliance certifications are in place, and how to contact the security team.Documentation Index
Fetch the complete documentation index at: https://jam.dev/docs/llms.txt
Use this file to discover all available pages before exploring further.
Compliance and certifications
| Certification | Status |
|---|---|
| SOC 2 Type II | Compliant. Annual audits, quarterly vulnerability assessments |
| GDPR | Compliant |
| HIPAA | Coming soon |
Data storage and infrastructure
- Cloud provider: Google Cloud Platform, Central US region
- CDN: Cloudflare
- Encryption at rest: AES-256
- Encryption in transit: HTTPS/TLS
- Backups: Automated snapshots with the following retention schedule:
| Frequency | Retention |
|---|---|
| Hourly | 2 days |
| Daily | 7 days |
| Weekly | 4 weeks |
| Monthly | 12 months |
Data privacy
Where recordings are stored Jam stores all recordings in Google Cloud Platform. Jam does not currently support redirecting recordings to your own storage solution. Custom data retention Enterprise customers can set a custom data deletion schedule for their workspace. Contact Jam to configure your preferred schedule. Consent An end customer must actively choose to start a recording and then submit it before any visual or browser data is stored by Jam. Both steps are explicit consent actions that the user can decline.Sensitive data handling
Jam includes two protections to minimize the sensitive information collected during recordings:- Automatic blurring: Jam automatically blurs sensitive content in screen recordings. You can customize which data elements are blurred to match your product context.
- Network request obfuscation: Jam obfuscates sensitive data from captured network requests, such as authorization headers and tokens.
AI policy
Jam AI features are powered by third-party AI models. Here is how Jam handles your data when AI is involved:- Data is encrypted at rest and in transit
- Third-party AI providers do not train their models on your customer data
- Vendors may process data temporarily to enable AI features, but Jam limits how long they retain it
- Jam takes steps to de-identify and anonymize content before processing
Enterprise security features
The following features are available on the Enterprise plan. Contact sales to upgrade.
- Single Sign-On (SSO): connect your identity provider for centralized authentication
- Audit logs: track every significant workspace action with a full activity trail
- Custom data retention: set deletion schedules to control how long Jams are stored
- Access controls: set default visibility for all Jams in your workspace
Security monitoring
Vulnerability testing: Jam performs quarterly vulnerability scans and annual penetration tests as required by SOC 2 Type II compliance. GitHub’s dependency vulnerability feed monitors third-party dependencies in Jam’s source code continuously. Intrusion detection: Jam uses Cloudflare for attack prevention and GCP firewalls for infrastructure protection. Because the production network is fully managed by GCP, Jam does not run a separate IDS/IPS. Incident response: The security team reviews reports immediately and notifies affected users of confirmed incidents.Contact security
For security questions, vulnerability reports, or to request the SOC 2 report, email [email protected]. The team responds as quickly as possible and keeps you updated throughout any investigation. Jam does not currently offer a bug bounty program.Related pages
SSO
Connect your identity provider for enterprise authentication.
Audit logs
Track workspace activity for compliance and oversight.
Access controls
Control who can view your Jams.