Our founding team includes product managers and engineers who worked at Cloudflare, so we take security and privacy very seriously. We do not and never will sell your data.
We get questions about our data security practices and compliance measures so we wanted to share a bit more about it below:
Jam is currently working on SOC 2 Type 2 compliance. We will be happy to share our letter of engagement upon request. You can email security@jam.dev to request the letter of engagement.
Jam uses Google Cloud Platform as the cloud provider and Mongo Atlas to store data. For both GCP and Mongo Atlas, we use the Central US region. Jam uses Cloudflare for CDN. The chrome extension is distributed through Google’s chrome app store.
Yes. Our data retention period depends on the frequency of the snapshots.
Frequency | Retention period |
---|---|
Hourly | 2 days |
Daily | 7 days |
Weekly | 4 weeks |
Monthly | 12 months |
Yes. Data is encrypted at rest (AES-256) and in transit (HTTPS/TLS).
Access to our cloud services, source code, third-party tools etc. are secured with 2FA.
No. Jam does not record your screen. Jam periodically takes snapshots of the DOM. The snapshots are stored locally until the user creates a Jam. Once the user creates a Jam, the snapshots are stitched together as a video and uploaded to our infrastructure.
Jam’s users receive one time code in their emails when they log in. The code expires in 5 minutes.
We take security very seriously. We review security issues as soon as we learn about them. We let our users know if they are affected by the security incident.
Jam uses Cloudflare as a mechanism to prevent attacks on our environment, as well as have firewalls and controls within our GCP project. However it does not have an IDS or IPS running in our production network because the network is fully operated by GCP
Jam is using GitHub to store our source code. GitHub provides a vulnerability feed of issues that become known in third party software dependencies used by our source code.
If you notice a security issue or have a question or concern, you can reach out to us at security@jam.dev and we'll respond as soon as possible. Currently, Jam does not have a bug bounty program.