Jamworks Security Policy
This document is designed to help you better understand our security practices so that you can feel confident that your data will be handled securely and with integrity.
Here at Jamworks, we’re completely focused on user content security and recognise the importance of being transparent about what data we process, why we process it, where it’s processed, how it’s been stored, and how we safeguard it.
We recognise that conversations captured by the Jamworks application may contain some of your most sensitive and confidential information. That’s why we are committed to keeping your information private and secure. Additionally, we believe transparency is essential to all content-generation participants. As such, users must comply with local laws and regulations, ask for consent, and indicate when they are recording and transcribing conversations with others. In case you are using Jamworks to capture organisation-specific information, then you must comply with organisational rules and regulations.
Jamworks operates under SOC2 compliance guidelines. We intend to undertake a SOC2 compliance certification process and be formally certified by the end of 2023.
Privacy
Security-driven culture
Jamworks’ focus on security and privacy is rooted in our organisational culture, beginning with the hiring process, continuing during employee onboarding, ongoing training, and company-wide initiatives to raise awareness. All new team members are required to take information security and privacy awareness training. Developers are required to take secure coding training at the time of hire and periodically thereafter. Our DevSecOps team conducts regular awareness and training activities, including security newsletters, email alerts, and phishing tests.
Infrastructure Security
Jamworks utilises a Software-as-a-Service (SaaS) model in which security is a shared responsibility among Amazon Web Services (AWS), Jamworks, and our customers. Jamworks leverages AWS as our main cloud infrastructure provider to deliver solutions that are highly available, scalable, and secure. At a high level, AWS is responsible for physical, network, and virtualisation platform security. Jamworks is responsible for host services, encryption, middleware, and application-level security, event monitoring, and disaster recovery. Customers are responsible for user identity management, access control, and data security.
General
Jamworks externally-hosted components of the application (cloud-based) that are used to store customer and end-user data is protected in accordance with internal security policies and industry best practices.
Best practices include but are not limited to:
Data Backup
Backups of customer and end-user data to cloud storage are performed according to an automated schedule with the retention period of 7 days (RDS). Jamworks uses cloud storage provided by Amazon Web Services (AWS).
Data storage backups (S3) can be configured based upon the client request for the organisational storage options.
Data Transfer
Jamworks will never transfer data in an insecure format. While every effort is made to protect data, we can’t guarantee that transmitting data over the internet, or storing data electronically in the cloud, is 100% secure or error-free.
Secure local storage
Content created by a Jamworks user, including video, audio recordings, and electronic notes, are stored locally on the user’s device before being securely uploaded to Jamworks’ cloud storage.
Secure cloud storage
Data is uploaded to Jamworks’ cloud storage, which is hosted with Amazon Web Services (AWS) across multiple data centres in different locations including the US (California) and the EU (Frankfurt & London).
All data is uploaded using a secure connection (HTTPS) and is saved in a specifically indexed storage that allows the efficient extraction and streaming of content with minimal delays to the end-users.
Jamworks is built with an idea of high-availability and redundancy requirements, eliminating single points of failure and providing additional platform reliability. Web, encoding, and database servers are mirrored across availability zones. In the event of an entire availability zone outage, the system seamlessly transitions to another zone, providing business continuity and protecting the integrity of your data.
Communication between the browser and AWS S3 (for streaming) is done via a content distribution network that provides high availability and minimal delay for the user clients.
AWS maintains state-of-the-art, multi-perimeter physical security at their data centres. This includes prohibiting external access and not sharing the precise location of their data centres. Environmental safeguards include fire detection and suppression, fully redundant power systems, climate control, and real-time electrical and mechanical systems management.
Organisational dedicated instances provide full control of the content distribution and management for the organisation and allow for securing the content with additional encryption options, including archival into the current instance or data transfer into another cloud provider.
Deleting content
A user has the ability to delete content (video or audio captures) from their individual Jamworks account. After a user deletes their content, it will be removed from their device and Jamworks cloud infrastructure and will no longer be available to them.
Application Security
From the point of capture to the point of playback, Jamworks makes it easy to record, manage and stream video content securely. Our content distribution platform provides multi-layer security at the perimeter, within the repository, and during streaming. This ensures that only authorised users can watch videos and that data is safe at rest and in transit.
Authentication
Jamworks supports email verification-based sign-in with strong minimum password requirements of a minimum of eight characters, including one digit, one symbol, and one uppercase letter. SAML-based Single-Sign-On is available for commercial clients based on the variety of supported identity providers. Jamworks also supports optional multi-factor authentication should the user choose to further control access.
Application authentication for the end-user is decoupled from the main application and provided by the specifically designed middleware – identity management services (IDM) based on the microservices architecture.
Jamworks incorporates best practices of AWS infrastructure deployment utilising Amazon Cognito as customer identity and access management (CIAM) service. AWS Cognito provides a secure identity store and federation options that support extra scaling for user growth and expansion and supports login with social identity providers and SAML or OIDC-based identity providers and offers advanced security features to protect Jamworks users.
For the dedicated organisational instances, Jamworks can integrate Single-Sign-On (SSO) authentication mechanisms based on the publicly available identity providers such as Google, Facebook, etc. or organisational-specific SAML-based authentication like Microsoft Active Directory both on prem and Azure based.
Endpoint-driven architecture of the Jamworks Core platform allows integration with other 3rd party systems for data exchange and workflow builds including but not limited to user data synchronisation, API functions integration, and data flow exchange. Based on Jamworks’ Core capabilities, end users can get an extended set of features, connect to different systems and activate new interfaces in Jamworks application.
Operational Security
Our internal systems and processes are managed through security policies that cover the best-in-class security controls, including access control, risk assessment, awareness and training, incident response, configuration management, and physical and environmental protection.
Our engineering team uses a secure software development lifecycle to ensure that security assurance activities such as code review and architecture analysis are inherent to the development effort.
Internal team data access
By default, only our key engineering and support leads have access to customer data. No other Jamworks staff have access to customer data unless granted permission for debugging purposes. All actions with customer data are logged and could be verified for auditing purposes. All employees go through a thorough background check, and sign a confidentiality agreement.
3rd Party Sub-processors
Jamworks is a content aggregator and engaged with certain onward sub-processors. Below are the sub-processors that Jamworks currently utilises and a description of their service:
Amazon Web Services https://aws.amazon.com
Amazon.com, Inc. 410 Terry Avenue North, Seattle, WA 98109-5210
Purpose: Data centre storing audio and annotation data and registration details of students and staff using the software.
Stripe https://stripe.com
510 Townsend Street San Francisco California 94103
Purpose: Payment processing
Deepgram https://deepgram.com
548 Market Street, San Francisco
Purpose: Automated Speech recognition and transcription generation service
Amplitude https://amplitude.com
Attn: Privacy 631 Howard Street, Floor 5 San Francisco, CA 94105
Purpose: Used for analytics. All data pseudonymised
OpenAI https://openai.com
3180 18th Street, San Francisco
Purpose: Base model usage for elements of summarisation
Intercom https://www.intercom.com
San Francisco. 55 2nd Street, 4th Floor, San Francisco
Purpose: Customer support
Accessibe https://accessibe.com
David Ben Gurion Rd 1, Bnei Brak, 5120149, Israel
Purpose: User interface adjustments
Contact
If you have any questions about our security policy and processes, please contact us at security@jamworks.com
