Security

Last Updated: January 10, 2025

Our Commitment to Security

At JelyTech, we take security seriously. We understand that you trust us with your data and your customers' interactions. This page outlines the security measures we implement to protect your information and ensure the safe operation of our services.

Data Encryption

In Transit

  • All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • API communications use HTTPS with strong cipher suites
  • We enforce HTTP Strict Transport Security (HSTS), so browsers refuse to fall back to plaintext HTTP and SSL-stripping downgrade attacks are blocked

At Rest

  • All stored data is encrypted using AES-256 encryption
  • Database backups are encrypted before storage
  • Encryption keys are managed securely and rotated regularly

Authentication and Access Control

User Authentication

  • Passwords are hashed using bcrypt, which applies a unique random salt to each password and a tunable work factor that slows offline guessing
  • We enforce minimum password requirements (6+ characters)
  • Account lockout mechanisms protect against brute force attacks
  • Secure password reset process with time-limited tokens
  • Session tokens are cryptographically secure and expire after inactivity
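The list above names the building blocks of account authentication: a salted, slow password hash and unguessable session tokens that lapse after inactivity. The following is an added example written for this page, not JelyTech's code. The page specifies bcrypt; bcrypt is not in the Python standard library, so the example uses hashlib.scrypt, which has the same shape (a fresh random salt per password and a cost parameter, both stored beside the hash). The storage format, the `SessionStore` class and the 30-minute idle timeout are assumptions made for the illustration.

```python
"""Added example (not JelyTech's code): per-password salted password hashing
with a tunable work factor, plus session tokens that expire after inactivity.
scrypt stands in for bcrypt, which is not in the standard library; the
record format "scrypt$N$r$p$salt$hash" and all names are assumptions."""
import base64
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

# Work factor (scrypt CPU/memory cost). Raise over time, like bcrypt "rounds".
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16


def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii")


def _unb64(s: str) -> bytes:
    return base64.b64decode(s.encode("ascii"))


def hash_password(password: str, n: int = SCRYPT_N) -> str:
    """Return a self-describing record. The salt is fresh per call, so two
    users with the same password get different stored values and a
    precomputed table is useless."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=n, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "$".join(["scrypt", str(n), str(SCRYPT_R), str(SCRYPT_P),
                     _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        algo, n, r, p, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=_unb64(salt_b64),
                               n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(candidate, _unb64(digest_b64))


def needs_rehash(stored: str, n: int = SCRYPT_N) -> bool:
    """True when the record was hashed with a lower cost than current policy,
    so it should be rehashed at the user's next successful login."""
    parts = stored.split("$")
    return len(parts) != 6 or parts[0] != "scrypt" or int(parts[1]) < n


class SessionStore:
    """In-memory sessions keyed by an unguessable token, with an idle timeout.
    Only a SHA-256 of the token is stored, so a leaked copy of the store does
    not yield usable tokens. `now` is injectable so expiry can be tested."""

    def __init__(self, idle_timeout_s: int = 30 * 60):
        self.idle_timeout_s = idle_timeout_s
        self._sessions: Dict[str, dict] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def create(self, user_id: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = {"user_id": user_id, "last_seen": now}
        return token

    def resolve(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id for a live session and refresh its idle clock;
        None if the token is unknown or has been idle past the timeout."""
        now = time.time() if now is None else now
        key = self._key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        if now - sess["last_seen"] > self.idle_timeout_s:
            del self._sessions[key]
            return None
        sess["last_seen"] = now
        return sess["user_id"]
```

Two details carry most of the value: the salt and cost live inside the stored record, so the verifier never needs a separate "salt column" and old records can be detected and upgraded with `needs_rehash`; and the session table holds a hash of the token rather than the token itself, so a database dump does not hand an attacker working sessions.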

Access Controls

  • Role-based access control (RBAC) for organization members
  • Principle of least privilege enforced throughout our systems
  • Administrative access is logged and monitored
  • Multi-factor authentication available for enhanced security

Infrastructure Security

Cloud Infrastructure

  • Hosted on reputable cloud providers with SOC 2 Type II compliance
  • Network segmentation isolates sensitive components
  • Firewalls and security groups restrict unauthorized access
  • Regular security patches and updates applied to all systems
  • Automated vulnerability scanning and remediation

Application Security

  • Input validation and sanitization to prevent injection attacks
  • Protection against Cross-Site Scripting (XSS) attacks
  • Cross-Site Request Forgery (CSRF) protection
  • Rate limiting to curb abuse and application-layer denial-of-service traffic (volumetric DDoS is absorbed at the network edge, not by rate limits)
  • Secure API design with proper authentication and authorization

Data Protection

Data Isolation

  • Customer data is logically isolated by organization
  • Every request is scoped to the caller's organization, so one tenant cannot read or modify another tenant's data
  • API responses are filtered to ensure data privacy
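The isolation described above depends on one habit: the organization identifier is part of every query, not just of the login check. The following is an added example, not JelyTech's code; the SQLite schema, the `conversations` table and the `TenantRepo` class are assumptions made for the illustration. It shows a repository bound to a single organization, so a caller that guesses another organization's record id gets "not found" instead of the record.

```python
"""Added example (not JelyTech's code): tenant-scoped data access.
Schema, table and column names are assumptions for this illustration."""
import sqlite3
from typing import List, Optional, Tuple

SCHEMA = """
CREATE TABLE conversations (
    id         INTEGER PRIMARY KEY,
    org_id     TEXT NOT NULL,
    customer   TEXT NOT NULL,
    transcript TEXT NOT NULL
);
CREATE INDEX conversations_org ON conversations(org_id);
"""


class TenantRepo:
    """All reads and writes are scoped to the organization fixed at
    construction. Callers never pass org_id per call, so they cannot forget
    to filter on it."""

    def __init__(self, conn: sqlite3.Connection, org_id: str):
        self._conn = conn
        self._org_id = org_id

    def add(self, customer: str, transcript: str) -> int:
        cur = self._conn.execute(
            "INSERT INTO conversations (org_id, customer, transcript) VALUES (?, ?, ?)",
            (self._org_id, customer, transcript))
        self._conn.commit()
        return cur.lastrowid

    def get(self, conversation_id: int) -> Optional[Tuple[int, str, str]]:
        # Filtering on id alone would be an insecure direct object reference;
        # the org_id predicate is what makes another tenant's id resolve to None.
        return self._conn.execute(
            "SELECT id, customer, transcript FROM conversations "
            "WHERE id = ? AND org_id = ?",
            (conversation_id, self._org_id)).fetchone()

    def list_ids(self) -> List[int]:
        rows = self._conn.execute(
            "SELECT id FROM conversations WHERE org_id = ? ORDER BY id",
            (self._org_id,)).fetchall()
        return [r[0] for r in rows]

    def delete(self, conversation_id: int) -> bool:
        cur = self._conn.execute(
            "DELETE FROM conversations WHERE id = ? AND org_id = ?",
            (conversation_id, self._org_id))
        self._conn.commit()
        return cur.rowcount == 1


def demo() -> dict:
    """Constructed data: two organizations with one record each. Cross-tenant
    reads and deletes miss; the other tenant's record survives."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    acme = TenantRepo(conn, "org_acme")
    globex = TenantRepo(conn, "org_globex")
    acme_id = acme.add("alice@example.com", "Hello, I need help with my order.")
    globex_id = globex.add("bob@example.com", "Where is my invoice?")
    return {
        "own_read": acme.get(acme_id) is not None,
        "cross_read": acme.get(globex_id),           # None: other tenant's row
        "cross_delete": acme.delete(globex_id),      # False: nothing matched
        "globex_still_there": globex.get(globex_id) is not None,
        "acme_ids": acme.list_ids(),
    }
```

The same pattern applies to the "API responses are filtered" point: if every data access goes through an object already bound to the caller's organization, there is no code path in which a response can contain another tenant's rows, and the guarantee is enforced in one place rather than re-checked in every handler.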

Data Backups

  • Automated daily backups of all critical data
  • Backups are encrypted and stored in geographically distributed locations
  • Regular backup restoration testing to ensure data recovery capabilities
  • Point-in-time recovery available for critical systems

Data Retention and Deletion

  • Clear data retention policies aligned with legal requirements
  • Secure data deletion processes when accounts are terminated
  • Right to be forgotten compliance for applicable regulations

Payment Security

  • All payment processing handled by Stripe, a PCI DSS Level 1 certified provider
  • We do not store full credit card numbers on our servers
  • Tokenization used for secure payment method storage
  • 3D Secure authentication supported for enhanced payment security

Monitoring and Incident Response

Security Monitoring

  • 24/7 automated security monitoring and alerting
  • Real-time threat detection and analysis
  • Comprehensive logging of security-relevant events
  • Regular security audits and penetration testing

Incident Response

  • Documented incident response procedures
  • Dedicated security team for rapid incident resolution
  • Transparent communication with affected users
  • Post-incident analysis and remediation

Third-Party Security

We carefully vet all third-party services we integrate with:

  • OpenAI: SOC 2 Type II compliant, enterprise-grade security
  • Stripe: PCI DSS Level 1 certified payment processor
  • Cloud Providers: SOC 2, ISO 27001 certified infrastructure
  • Regular review of third-party security practices
  • Data processing agreements (DPAs) in place with all vendors

Compliance and Certifications

We comply with the following regulations and are pursuing industry certifications:

  • GDPR: General Data Protection Regulation compliance for EU users
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2: Working towards SOC 2 Type II certification
  • Regular compliance audits and assessments
  • Privacy by design principles in all development

Employee Security

  • Background checks for all employees with data access
  • Regular security awareness training
  • Strict confidentiality and non-disclosure agreements
  • Access controls and monitoring for internal systems
  • Immediate access revocation upon employee departure

API Security

  • API authentication using secure tokens
  • Rate limiting to prevent abuse
  • Request validation and sanitization
  • API versioning for backward compatibility
  • Comprehensive API documentation with security best practices

Privacy and Analytics

  • Analytics run on self-hosted Matomo, so analytics data stays on our own infrastructure rather than with a third-party analytics vendor
  • No data sold to third parties
  • Anonymized analytics data
  • Users can opt-out of analytics tracking
  • Transparent data collection practices

Your Role in Security

Security is a shared responsibility. You can help protect your account by:

  • Using strong, unique passwords
  • Enabling multi-factor authentication when available
  • Keeping your credentials confidential
  • Regularly reviewing account activity
  • Reporting suspicious activity immediately
  • Keeping your browser and software up to date
  • Being cautious of phishing attempts

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue:

  • Report it to us immediately at security@jelytech.com
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • We will acknowledge receipt within 48 hours
  • We appreciate responsible disclosure and may recognize security researchers

Security Updates

We continuously improve our security posture through:

  • Regular security assessments and audits
  • Staying current with security best practices
  • Monitoring emerging threats and vulnerabilities
  • Implementing security patches promptly
  • Participating in security community forums

Business Continuity

  • Disaster recovery plans in place
  • High availability architecture with redundancy
  • Geographic distribution of critical systems
  • Regular disaster recovery testing
  • Service level objectives (SLOs) for uptime

Security Documentation

For enterprise customers, we provide:

  • Detailed security questionnaires
  • Security white papers
  • Compliance documentation
  • Data processing agreements (DPAs)
  • Custom security assessments upon request

Contact Security Team

For security-related questions or concerns:

  • Security Issues: security@jelytech.com
  • Privacy Questions: privacy@jelytech.com
  • General Contact: /contact

We aim to respond to security inquiries within 24-48 hours.

Transparency

We believe in transparency regarding our security practices. This page is regularly updated to reflect our current security measures. If you have questions about any aspect of our security, please do not hesitate to contact us.