We take the security of your data seriously at Jet Studio Software.
As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.
We understand that you rely on Jet Studio Software’s services to optimally perform.
We’re committed to making Jet Studio Software a highly-available services that you can count on.
Our infrastructure runs on systems that are fault tolerant, for failures of individual servers or even entire data centers.
Jet Studio Software, including each of its subsidiaries, has implemented and/or will be responsible for ensuring each of its sub-processors implementation of, measures designed to:
- Deny unauthorized person’s access to data-processing equipment used for processing Personal Data (equipment access control).
- Prevent the unauthorized reading, copying, modification or removal of data media containing Personal Data (media control).
- Prevent unauthorized inspection, modification or deletion of stored Personal Data (storage control).
- Prevent the use of automated data-processing systems by unauthorized persons using data communication equipment used to process Personal Data (user control).
- Limit access to Personal Data by persons authorized to use an automated data-processing system to the scope and duration of their access authorization (data access control).
- Enable verification of the individuals to whom Personal Data has been transmitted or made available using data communication equipment (communication control).
- Enable verification of which individuals input Personal Data into automated data-processing systems and when (input control).
- Prevent the unauthorized reading, copying, modification or deletion of
- Personal Data during transfers of that data or during transportation of data media (transport control).
- Enable restoration of installed systems used to process Personal Data in case of interruption (recovery).
- Ensure that the functions of the system used to process Personal Data perform, that the appearance of faults in the functions is reported (reliability) and prevent stored Personal Data from corruption by means of a malfunctioning of the system (integrity).
1. Guiding Principles
Jet Studio Software follows these guiding principles when developing and implementing security controls:
- Jet Studio Software strives to protect the confidentiality, integrity, and availability of its information assets and those of its clients.
- We will comply with applicable U.S. and international privacy and data protection laws.
- We will balance the need for business efficiency with the need to protect sensitive, proprietary, or other confidential information from undue risk.
- Using appropriate (encrypted) authentication measures, we will grant access to sensitive, proprietary, or other confidential information only to those with a need to know and with the lowest level of privileges necessary to perform their assigned functions.
- Recognizing that an astute workforce is the best line of defense, we will provide security training and resources to help individuals understand and meet their information security obligations.
We place strict controls over our employees’ access to the data you and your users make available via the Jet Studio Software services, as more specifically defined in your agreement with Jet Studio Software covering the use of the Jet Studio Software services (“Customer Data”).
The operation of the Jet Studio Software services requires that some employees have access to the systems which store and process Customer Data.
For example, in order to diagnose a problem you are having with the Jet Studio Software services, we may need to access your Customer Data.
These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so.
We have technical controls and audit policies in place to ensure that any access to Customer Data is logged.
System access rights will be limited to only rights that are needed to perform the tasks (minimalistic principle).
Once the tasks have been completed, the right of access will be deleted or blocked. Requests for access rights are subject to separation of duties.
The allocation and management of rights will be documented.
If access to personal data is not explicitly necessary, then access will not be allowed.
User rights will be assigned allowing access only as required for a task or role i.e.; read, write, modify, etc. Access via external networks will be adequately protected (encryption, authentication, etc.).
Secure password protocols based on the current state of technology will be implemented.
Input, changes, and erasures of personal data are logged and regularly examined in terms of illegitimate data processing.
Access logs will contain a record of every successful/unsuccessful attempt to log on that was initiated by the user or the system.
Similarly to access logs, we store also logs containing records of every hack attempt made on our servers.
All activities relevant to the security of the system that are performed using administrator rights will be logged.
The log data will be stored indefinitely in a manner that prevents tampering, makes them quickly available and complies with legal requirements.
Only authorized users are permitted to access log data.
To reduce the risk of data loss, regular backups will be made.
Moreover, data processing systems will be appropriately maintained and updated.
The following security measures are implemented as part of the availability controls (not exclusively): (a) backup procedures (b) multi-site architecture; and (c) redundancy of critical systems.
Backups are stored indefinitely.
6. Incident Management
Jet Studio Software maintains formal security incident management policies and procedures and shall notify vested parties (including, individuals, clients, vendors, partners, and if applicable regulatory agencies) without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Service Provider Data, including Personal Data, transmitted, stored or otherwise processed by Jet Studio Software or its Sub-processors of which Jet Studio Software becomes aware (a “Service Provider Data Breach Incident”).
Jet Studio Software shall make reasonable efforts to identify the cause of such Service Provider Data Incident and take those steps as Jet Studio Software deems necessary and reasonable in order to remediate the cause of such a Service Provider Data Incident to the extent the remediation is within Jet Studio Software’s reasonable control.
The obligations herein shall not apply to incidents that are caused by Service Provider or Service Provider’s Users.