Security overview

Our founding team includes product managers and engineers who worked at Cloudflare, so we take security and privacy very seriously. We do not and never will sell your data.

We get questions about our data security practices and compliance measures, so we want to share more about them below:

Frequently asked questions


Infrastructure and data


What infrastructure does Jam use?

Jam uses Google Cloud Platform as the cloud provider and Mongo Atlas to store data. For both GCP and Mongo Atlas, we use the Central US region. Jam uses Cloudflare as its CDN. The Chrome extension is distributed through Google’s Chrome app store.

Does Jam back up data?

Yes. Our data retention period depends on the frequency of the snapshots.

Frequency | Retention period
Hourly | 2 days
Daily | 7 days
Weekly | 4 weeks
Monthly | 12 months


Does Jam encrypt data?

Yes. Data is encrypted at rest (AES-256) and in transit (HTTPS/TLS).

How does Jam secure its cloud environment?

Access to our cloud services, source code, third-party tools, etc. is secured with 2FA.

Certifications


Is Jam SOC2 compliant?

No (not yet). A small team like ours does not have the bandwidth to acquire SOC2 compliance yet. However, we plan to get it in the future.



Product


Does Jam always record my screen?

No. Jam does not record your screen. Jam periodically takes snapshots of the DOM. The snapshots are stored locally until the user creates a Jam. Once the user creates a Jam, the snapshots are stitched together as a video and uploaded to our infrastructure.

How does Jam authenticate users?

Jam’s users receive a one-time code by email when they log in. The code expires in 5 minutes.

Security practices


What are Jam’s practices for reacting to security incidents?

We take security very seriously. We review security issues as soon as we learn about them. We let our users know if they are affected by the security incident.

Has Jam deployed firewalls and intrusion detection and prevention systems in its environment?

Jam uses Cloudflare as a mechanism to prevent attacks on our environment, and has firewalls and controls within our GCP project. However, Jam does not have an IDS or IPS running in our production network because the network is fully operated by GCP.

How often does Jam perform vulnerability scans and penetration tests on its own infrastructure?

Jam uses GitHub to store our source code. GitHub provides a vulnerability feed of issues that become known in third-party software dependencies used by our source code.

Who should I reach out to if I have a security question about Jam?

If you notice a security issue or have a question or concern, you can reach out to us at security@jam.dev and we'll respond as soon as possible. Currently, Jam does not have a bug bounty program.