
Security and Trust at Jetlink
Welcome to Jetlink’s Security Center. At Jetlink, we prioritize security and privacy at every level of our Conversational AI platform. We combine robust technical safeguards with strict policies to protect your data and ensure compliance. This page details our multi-layered security approach – covering data encryption, infrastructure defenses, secure development practices, access controls, compliance certifications, privacy protections, and incident response readiness – so your team can have full confidence in the security of the Jetlink platform.

Sofa pod
Data Security and Encryption
Jetlink protects customer data through strong encryption mechanisms and careful data handling policies. All data in transit between Jetlink services and users is encrypted using TLS 1.2+ with modern cipher suites (including Perfect Forward Secrecy) to prevent eavesdroppingThis means that whether data is moving between your systems and Jetlink or between Jetlink’s internal services, it is transmitted over secure, encrypted channels. Data at rest in our databases and storage is encrypted using AES-256, an industry-standard encryption algorithm. Encryption keys are managed securely using cloud Key Management Services with frequent key rotation and strict access controls.
We enforce data isolation to ensure that each customer’s data remains separate and protected. In our multi-tenant cloud, tenant data is logically segregated; your data cannot be accessed by other organizations’ instances. For customers with enhanced needs, Jetlink also offers private cloud and on-premises deployment options – allowing you to host Jetlink in your own environment or VPC, so that all conversation data stays within your controlled infrastructure. All backups and replicas are likewise encrypted, and backup data is stored off-site for disaster recovery but always in encrypted form.
We design our platform with secure data handling in mind. Sensitive fields can be masked or redacted, and we avoid storing personally identifiable information (PII) unless necessary for the service. Any PII that must be stored (such as user profile information for chat personalization) is protected under encryption and strict access rules. Our systems follow the principle of data minimization – only processing the data that is required for functionality – and we have automated mechanisms to purge or anonymize data according to retention policies you configure.
Compliance and Certifications
Security at Jetlink aligns with leading industry standards and regulations. We maintain a robust compliance program to meet the strict requirements of modern enterprises and regulatory bodies. Jetlink’s information security management practices are guided by ISO 27001 controls (for which we are undergoing certification) and we have implemented the Trust Services Criteria required for SOC 2 Type II compliance, undergoing independent audits of our security controls. These frameworks ensure we have comprehensive security policies and operational procedures in place – from risk management and access control to system integrity and vendor management – that are vetted by external auditors.


Sofa pod
We adhere to global data protection regulations. Jetlink is GDPR compliant, and we offer a Data Processing Addendum (DPA) to customers to address EU General Data Protection Regulation requirements. We likewise comply with California’s CCPA/CPRA for consumer data privacy, and other relevant privacy laws, to help you honor all applicable data subject rights. If your organization is in a regulated sector, Jetlink can support your compliance needs – for example, we can sign Business Associate Agreements (BAAs) to facilitate HIPAA compliance for healthcare data, and our platform security measures address requirements of standards like PCI-DSS for payment data and regional laws like Canada’s PIPEDA.
Jetlink’s cloud hosting infrastructure itself meets rigorous certifications. We leverage top-tier cloud providers (such as AWS) whose data centers are certified for ISO 27001, SOC 1/2/3, ISO 27017/27018, and more. This means the physical and environmental security of the servers housing Jetlink systems – from biometric access controls and 24/7 surveillance to redundant power and cooling – are independently audited and certified. In addition, Jetlink conducts regular third-party penetration tests and security assessments. We engage independent security firms to test our platform and networks, and we proactively address any findings. For additional assurance, we can provide pen-test summary reports or compliance whitepapers under NDA. Our commitment to compliance and continuous improvement means we stay up-to-date with evolving security standards and best practices, so that using Jetlink helps you meet your own compliance obligations.
Infrastructure Security
Jetlink’s infrastructure is designed for security, resilience, and high availability. Our cloud architecture is built on secure virtual private clouds with network segmentation. All servers are hardened and operate within a firewalled network – only required ports are open, and internal components communicate over private subnets. We use security groups and network ACLs to strictly limit traffic. Public-facing services (like our API endpoints) reside behind a Web Application Firewall (WAF) and load balancers to detect and block malicious traffic such as SQL injection or cross-site scripting attempts. We also utilize DDoS protection measures provided by our cloud platform to mitigate denial-of-service attacks.
Our production environment is separate from development and testing environments, and no test data resides in production. We follow an “infrastructure as code” approach, meaning our servers and networks are configured via version-controlled code templates, ensuring consistency and enabling quick security updates. Patching and updates are performed regularly: we apply critical security updates to underlying operating systems and dependencies as soon as possible to minimize exposure to known vulnerabilities.
Physical security is assured by our hosting providers’ certified data centers as noted earlier, with robust controls like 24/7 guarded facilities, CCTV monitoring, biometric access, and compartmentalized server rooms. Additionally, all Jetlink infrastructure is continuously monitored at the host and network level. We deploy intrusion detection and prevention systems (IDS/IPS) to alert on suspicious network patterns. All administrative access to infrastructure is done through secure channels (VPN and SSH with key-based authentication) and is limited to authorized engineers on the Jetlink DevOps team. Administrative actions are logged and audited.
For customers requiring on-premises deployments, Jetlink provides a secure connector that can be installed in your environment. This connector communicates with Jetlink’s cloud using outbound-only connections through TLS, meaning you don’t need to open inbound ports. This hybrid architecture ensures you can keep sensitive data on-site behind your firewall while still leveraging Jetlink’s cloud capabilities – a design similar to industry approaches for secure cloud connectivity
Reliability is also a key part of security. Our infrastructure has built-in redundancy across multiple availability zones to ensure continuity. We perform regular backups of databases and critical data stores, and these backups are encrypted and stored in geo-redundant locations. In the event of a disaster or major outage, our disaster recovery plan ensures that Jetlink’s services can be restored from backups with minimal downtime.

