Security Practices
Jeeva.ai (the “Company”),
Address: 2708 Wilshire Blvd, #321, Santa Monica, CA 90403
Introduction
At Jeeva.ai, we are strongly committed to keeping our customers' data secure and private. We have made substantial investments to ensure that our product does not compromise the integrity of your data or your business. Safeguarding customer data is our top priority, and we continually refine our security measures to meet industry standards and counter emerging threats.
Infrastructure and Data Protection
Cloud Hosting: Our platform is hosted on Amazon Web Services (AWS) and Microsoft Azure, leveraging robust physical and network security measures compliant with ISO 27001, SOC 2, and PCI DSS standards.
Data Encryption: We secure data in transit using TLS 1.2+ protocols and protect data at rest with AES-256 encryption. Additional database-level encryption provides an extra layer of security.
Logical Separation of Customer Data: Each customer's data is logically separated to prevent unauthorized access between clients, ensuring that your data remains isolated and secure.
Access Controls: Implementing the Principle of Least Privilege (PoLP), we utilize role-based access controls (RBAC) and enforce Multi-Factor Authentication (MFA) across all access points. User activities are logged and monitored for anomalies.
Network Security: Our multi-layered approach includes firewalls, network segmentation, and intrusion detection and prevention systems (IDPS). Continuous monitoring and DDoS protection safeguard our network traffic.
Monitoring and Audits: We conduct continuous infrastructure monitoring using advanced security tools. Regular internal and third-party audits, vulnerability assessments, and penetration tests help us proactively identify and mitigate risks.
Compliance
We comply with SOC 2 and GDPR standards to ensure our security controls effectively protect customer data. Accredited third-party firms regularly audit our compliance efforts. We support Data Subject Access Requests (DSARs) and adhere to global data privacy regulations.
Data Minimization and Retention
Adhering to data minimization principles, we retain only essential data required by law or necessary for our operations. Users may request data deletion or review in line with data protection rights.
Incident Response
Our comprehensive incident response plan covers detection, containment, eradication, and recovery. In the event of a data breach, we promptly notify affected parties with detailed information and cooperate fully with regulatory authorities.
Business Continuity and Disaster Recovery
We maintain a business continuity plan to ensure uninterrupted services during disruptions. Our disaster recovery plan includes regular data backups and replication across secure locations. Failover mechanisms are routinely tested to minimize downtime.
Security Awareness and Training
All employees participate in rigorous security training programs, beginning during company onboarding. We enforce secure coding practices and conduct regular workshops and phishing simulations to stay updated on the latest threats and best practices.
Vendor and Sub-Processor Management
We require all vendors and sub-processors to meet our stringent security and compliance standards. Contracts include data protection clauses, and we perform regular audits to ensure ongoing adherence.
Last updated: Oct 13, 2024