Skip to main content

Documentation Index

Fetch the complete documentation index at: https://jam.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Jam’s data privacy and security practices adhere to rigorous enterprise standards. Our infrastructure, data policies and internal corporate processes have been run through extensive security tests by third-party auditors. We run quarterly vulnerability tests and annual exercises, as SOC 2 Type 2 requires.

Privacy and data protection

Where are Jam recordings stored?

Jam stores all recordings with Google Cloud Platform. We don’t support redirecting Jams to your own storage.

Can we choose when Jam recordings are to be deleted?

Yes, Jam customers can specify a data deletion schedule for their workspace. Contact us to implement your chosen schedule.

Who has access to Jam recordings?

Jam provides Access Controls so that you can control who can view your Jams. You can set global permissions so that only people with verified access to an email address with your company domain can view Jams. You can further narrow access to specific email addresses on a per Jam basis. An end customer must proactively choose to begin recording and to submit their recording before any visual and browser data is stored by Jam. Both steps are forms of consent that the end user can decline at their discretion.

How does Jam minimize the amount of sensitive information it collects?

Jam gathers visual screen recordings and data directly from the user’s browser. We also collect audio if the user opts into recording their voice alongside their screen. Jam has put protective measures in place to ensure users do not share or expose unnecessary sensitive data. See the following resources for deeper details:

Can we tailor the automatic blurring feature?

Yes, Jam gives our customers control over what data elements will be automatically blurred during recordings. In this guide, we outline the data elements that are included in Jam’s default settings. It also includes instructions for how to choose data elements based on your own product context.

Infrastructure and data management

Infrastructure

Jam uses Google Cloud Platform as the cloud provider to store data. For GCP, we use the Central US region. Jam uses Cloudflare for CDN. The Chrome extension is distributed through Google’s Chrome app store.

Does Jam backup data?

Yes. Our data retention period depends on the frequency of the snapshots.
FrequencyRetention period
Hourly2 days
Daily7 days
Weekly4 weeks
Monthly12 months

Security measures

Encryption

Yes. Data is encrypted at rest (AES-256) and in transit (HTTPS/TLS).

Securing our cloud environment

Access to our cloud services, source code, third-party tools etc. are secured with 2FA.

Security incident practices

We review security issues as soon as we learn about them. We let our users know if they are affected by any security incident.

Firewalls and IDS

Cloudflare prevents attacks at the edge and GCP firewalls protect our infrastructure. We don’t run a separate IDS/IPS because GCP manages the production network.

Vulnerability scans and penetration tests

Jam is using GitHub to store our source code. GitHub provides a vulnerability feed of issues that become known in third party software dependencies used by our source code.

Compliance and certifications

SOC 2 Type 2 Compliance

Jam is SOC 2 Type 2 compliant. We are happy to share our SOC 2 Type 2 report with qualified customers. You can email [email protected] to request the report.

Contact

If you notice a security issue or have a question or concern, you can reach out to us at [email protected] and we’ll respond as soon as possible. Jam does not have a bug bounty program.