
Security and Trust at Jetlink

Welcome to Jetlink’s Security Center. At Jetlink, we prioritize security and privacy at every level of our Conversational AI platform. We combine robust technical safeguards with strict policies to protect your data and ensure compliance. This page details our multi-layered security approach – covering data encryption, infrastructure defenses, secure development practices, access controls, compliance certifications, privacy protections, and incident response readiness – so your team can have full confidence in the security of the Jetlink platform.


Data Security and Encryption

Jetlink protects customer data through strong encryption mechanisms and careful data handling policies. All data in transit between Jetlink services and users is encrypted using TLS 1.2+ with modern cipher suites (including Perfect Forward Secrecy) to prevent eavesdropping. This means that whether data is moving between your systems and Jetlink or between Jetlink’s internal services, it is transmitted over secure, encrypted channels. Data at rest in our databases and storage is encrypted using AES-256, an industry-standard encryption algorithm. Encryption keys are managed securely using cloud Key Management Services with frequent key rotation and strict access controls.

We enforce data isolation to ensure that each customer’s data remains separate and protected. In our multi-tenant cloud, tenant data is logically segregated; your data cannot be accessed by other organizations’ instances. For customers with enhanced needs, Jetlink also offers private cloud and on-premises deployment options – allowing you to host Jetlink in your own environment or VPC, so that all conversation data stays within your controlled infrastructure. All backups and replicas are likewise encrypted, and backup data is stored off-site for disaster recovery but always in encrypted form.

We design our platform with secure data handling in mind. Sensitive fields can be masked or redacted, and we avoid storing personally identifiable information (PII) unless necessary for the service. Any PII that must be stored (such as user profile information for chat personalization) is protected under encryption and strict access rules. Our systems follow the principle of data minimization – only processing the data that is required for functionality – and we have automated mechanisms to purge or anonymize data according to retention policies you configure.



 
Compliance and Certifications

Security at Jetlink aligns with leading industry standards and regulations. We maintain a robust compliance program to meet the strict requirements of modern enterprises and regulatory bodies. Jetlink’s information security management practices are guided by ISO 27001 controls (for which we are undergoing certification) and we have implemented the Trust Services Criteria required for SOC 2 Type II compliance, undergoing independent audits of our security controls. These frameworks ensure we have comprehensive security policies and operational procedures in place – from risk management and access control to system integrity and vendor management – that are vetted by external auditors.

 


 


We adhere to global data protection regulations. Jetlink is GDPR compliant, and we offer a Data Processing Addendum (DPA) to customers to address EU General Data Protection Regulation requirements. We likewise comply with California’s CCPA/CPRA for consumer data privacy, and other relevant privacy laws, to help you honor all applicable data subject rights. If your organization is in a regulated sector, Jetlink can support your compliance needs – for example, we can sign Business Associate Agreements (BAAs) to facilitate HIPAA compliance for healthcare data, and our platform security measures address requirements of standards like PCI-DSS for payment data and regional laws like Canada’s PIPEDA.

Jetlink’s cloud hosting infrastructure itself meets rigorous certifications. We leverage top-tier cloud providers (such as AWS) whose data centers are certified for ISO 27001, SOC 1/2/3, ISO 27017/27018, and more. This means the physical and environmental security of the servers housing Jetlink systems – from biometric access controls and 24/7 surveillance to redundant power and cooling – is independently audited and certified. In addition, Jetlink conducts regular third-party penetration tests and security assessments. We engage independent security firms to test our platform and networks, and we proactively address any findings. For additional assurance, we can provide pen-test summary reports or compliance whitepapers under NDA. Our commitment to compliance and continuous improvement means we stay up-to-date with evolving security standards and best practices, so that using Jetlink helps you meet your own compliance obligations.

Infrastructure Security

Jetlink’s infrastructure is designed for security, resilience, and high availability. Our cloud architecture is built on secure virtual private clouds with network segmentation. All servers are hardened and operate within a firewalled network – only required ports are open, and internal components communicate over private subnets. We use security groups and network ACLs to strictly limit traffic. Public-facing services (like our API endpoints) reside behind a Web Application Firewall (WAF) and load balancers to detect and block malicious traffic such as SQL injection or cross-site scripting attempts. We also utilize DDoS protection measures provided by our cloud platform to mitigate denial-of-service attacks.

Our production environment is separate from development and testing environments, and no test data resides in production. We follow an “infrastructure as code” approach, meaning our servers and networks are configured via version-controlled code templates, ensuring consistency and enabling quick security updates. Patching and updates are performed regularly: we apply critical security updates to underlying operating systems and dependencies as soon as possible to minimize exposure to known vulnerabilities.

Physical security is assured by our hosting providers’ certified data centers as noted earlier, with robust controls like 24/7 guarded facilities, CCTV monitoring, biometric access, and compartmentalized server rooms. Additionally, all Jetlink infrastructure is continuously monitored at the host and network level. We deploy intrusion detection and prevention systems (IDS/IPS) to alert on suspicious network patterns. All administrative access to infrastructure is done through secure channels (VPN and SSH with key-based authentication) and is limited to authorized engineers on the Jetlink DevOps team. Administrative actions are logged and audited.

For customers requiring on-premises deployments, Jetlink provides a secure connector that can be installed in your environment. This connector communicates with Jetlink’s cloud using outbound-only connections through TLS, meaning you don’t need to open inbound ports. This hybrid architecture ensures you can keep sensitive data on-site behind your firewall while still leveraging Jetlink’s cloud capabilities – a design similar to industry approaches for secure cloud connectivity.

Reliability is also a key part of security. Our infrastructure has built-in redundancy across multiple availability zones to ensure continuity. We perform regular backups of databases and critical data stores, and these backups are encrypted and stored in geo-redundant locations. In the event of a disaster or major outage, our disaster recovery plan ensures that Jetlink’s services can be restored from backups with minimal downtime.


 


Application Security and Secure Development
We build Jetlink’s software with security ingrained in the development lifecycle. Our engineering team follows a Secure SDLC (Software Development Life Cycle): from design to deployment, we conduct threat modeling and security reviews for new features. Developers are trained on secure coding guidelines (covering OWASP Top 10 risks and beyond) to prevent common vulnerabilities. Every code change goes through peer code reviews which include checks for security impact. We also use automated static code analysis and dependency scanning to catch security issues in our codebase and third-party libraries.
Before each release, Jetlink performs thorough testing including vulnerability scanning and dynamic application security testing (DAST) on our web interfaces and APIs. We maintain an internal bug bounty / responsible disclosure program encouraging security researchers to report any findings, and we triage and fix reported issues promptly. On an ongoing basis, Jetlink undergoes regular penetration testing by independent experts to simulate real-world attacks on our application and infrastructure. This includes testing of authentication mechanisms, access controls, and abuse scenarios. The results of these tests are used to improve our defenses continuously.

Jetlink’s web application includes multiple layers of protection. We implement strong input validation and output encoding throughout the platform to guard against injections and XSS. Session management is secured with HTTP-only, secure cookies and robust session timeout policies. We utilize frameworks that provide built-in defenses, and additional checks like rate limiting on APIs to prevent brute-force or misuse. Our API endpoints require authentication and use scoped tokens to ensure one part of the system cannot inappropriately access another. We log and monitor all significant application events (logins, configuration changes, etc.) for anomaly detection.
All changes to our production environment are done via a controlled CI/CD pipeline with approvals, ensuring that no unauthorized code is deployed. In line with DevSecOps principles, our DevOps and security teams collaborate closely – security controls and checks are integrated into our deployment process, and any configuration changes in the cloud (infrastructure settings, firewall rules, IAM roles) also go through review. This tight integration helps maintain a strong security posture as the application evolves.

Access Control and Identity Management
Jetlink provides robust features for authentication and authorization, so both our customers and our internal team have controlled, secure access. User authentication to the Jetlink platform supports Single Sign-On (SSO) via industry standards like SAML 2.0 and OAuth2/OpenID Connect (OIDC). You can integrate Jetlink with your enterprise Identity Provider (e.g. Okta, Azure AD, OneLogin), allowing your users to log in to Jetlink with corporate credentials and existing multi-factor authentication. This SSO capability simplifies user management and ensures adherence to your centralized security policies. For customers not using SSO, Jetlink also supports built-in two-factor authentication (2FA) for account login – users can enable authenticator apps or SMS-based 2FA to add an extra layer of protection on top of passwords.

Inside the platform, Jetlink implements Role-Based Access Control (RBAC) and granular permissions. You can define roles (e.g. Administrator, Bot Developer, Analyst, Reader) and assign users permissions appropriate to their job needs. Every API key or access token generated can be scoped to specific data or actions, following the principle of least privilege. This means team members only see and do what they are authorized to, reducing the risk of accidental or malicious misuse of data.
Jetlink administrators (on the customer side) have tools to manage user access centrally – inviting or removing users, resetting credentials, and reviewing activity logs. We also maintain detailed audit logs of administrative and security-related actions on the platform. For instance, changes to security settings, SSO configuration, role assignments, or data export events are all recorded. These logs enable your security team to audit usage and detect any unusual access patterns.
On the infrastructure side, administrative access to Jetlink’s own systems is tightly controlled. Only a small number of Jetlink engineering team members have access to production, and all such access requires multi-factor auth and is logged. We periodically review access rights and immediately revoke access for any departing personnel. Our team members undergo background checks and security training to ensure they handle systems and data appropriately. By combining strong customer-facing access controls with strict internal access management, Jetlink ensures that only the right people have access to the right resources at all times.

Privacy and Data Protection
Jetlink is committed to protecting the privacy of end-users and customers. We act as a data processor for our clients’ data, and you retain ownership and control of the data you send to Jetlink. We only process personal data as needed to provide the service and in accordance with contractual agreements (our Terms of Service and Data Processing Addendum). Jetlink does not monetize or sell your data – we do not share customer conversation data with advertisers or any third parties except trusted sub-processors necessary to operate the platform (and we disclose and govern all sub-processors by strict agreements).
Our privacy program is built to help customers comply with regulations like GDPR. We support GDPR requirements such as the right to access and delete data. Administrators can delete end-user conversation records or export data upon request, fulfilling Data Subject Access Requests. When a customer leaves Jetlink, we have defined data deletion timelines to securely purge customer data from our systems after service termination. We also accommodate data residency preferences – offering options to host data in specific geographic regions to meet data localization laws or corporate policies.

Jetlink’s Privacy Policy outlines all data practices in clear language. We limit the personal data we collect to only what is necessary (primarily usernames, emails for account users, and any end-user info that you choose to send through the chatbot). Any sensitive personal data (for example, if your use case involves collecting contact info, support queries with personal details, etc.) is protected under the security measures described on this page. Furthermore, we provide configuration settings that allow you to mask or not log certain chat data that may be sensitive. For instance, you can configure Jetlink to never store credit card numbers or other secret tokens inadvertently provided by users.

On an organizational level, we have a designated Data Protection Officer (DPO) and privacy team that oversees compliance. We conduct privacy impact assessments for new features involving personal data. All Jetlink staff are trained on data privacy principles and sign confidentiality agreements. By embedding privacy considerations into our product design and company culture (“Privacy by Design”), Jetlink ensures that user data is handled with care and in line with global privacy expectations.

Monitoring and Incident Response
Jetlink maintains vigilant monitoring and a robust incident response process to quickly address any security issues. We employ 24/7 monitoring of our production environment – this includes automatic alerts for unusual activities, traffic spikes, error rates, and suspicious login attempts. Our DevOps and security teams leverage a SIEM (Security Information and Event Management) system to aggregate logs from across the infrastructure (application logs, network logs, authentication logs) and to detect potential threats in real time. We have defined thresholds and anomaly detection rules; if something deviates from normal patterns, our on-call engineers are notified immediately.

In the event of a security incident, Jetlink follows a structured Incident Response Plan. This plan defines clear roles and procedures for identification, containment, eradication, recovery, and communication. When an alert triggers or a vulnerability is reported, our incident response team will rapidly assess the situation. We prioritize containment to isolate affected components, for example by revoking suspicious credentials or blocking IP ranges if needed. The team then works to eliminate the threat (such as patching a zero-day vulnerability or removing malicious code) and recover any impacted services or data from backups. Throughout this process, we maintain communication with stakeholders and, if required, will promptly inform customers of incidents as per our contractual and legal obligations. Jetlink abides by all breach notification laws – if a data breach impacting your data were to occur, we would inform you without undue delay and provide findings and remediation steps.
Post-incident, we perform a root cause analysis and implement measures to prevent recurrence. Whether it’s improving a process, adding a new alert, or enhancing a firewall rule, we continuously strengthen our defenses from lessons learned. We also run regular drills (including simulated security incidents and disaster recovery exercises) to ensure our team is prepared and our backup/restoration procedures work as expected. Our goal is to be proactive – addressing issues before they become incidents – but also prepared to react swiftly and effectively if something does occur.

Finally, Jetlink’s platform reliability is part of our trust commitment. We publish real-time status on our services and maintain a 99.9% uptime SLA. Our business continuity plan covers scenarios from minor outages to major regional disasters, so that we can keep your conversational AI services running securely no matter what. In summary, through constant monitoring, rigorous incident response, and a culture of continuous improvement, Jetlink ensures that security events are rare – and handled with utmost professionalism if they do happen.

Jetlink TECH Security
Security is a never-ending journey at Jetlink. We blend cutting-edge technology with proven best practices to safeguard your data and earn your trust. From encryption and access control to compliance and incident response, every facet of the Jetlink platform is built with security in mind. Our dedicated security team stays ahead of emerging threats and continuously upgrades our defenses. By choosing Jetlink, you’re not only getting a powerful conversational AI solution – you’re also getting a partner committed to protecting your business and your customers. We invite any further questions about our security program and are happy to collaborate with your security experts to ensure Jetlink meets your enterprise’s standards for security and compliance. Your trust is our top priority, and we work tirelessly to maintain it every day.
