JagaSecTrust
Security at JagaSec
Last updated: 22 June 2026
Security isn't a feature we bolt on — it's how every product begins. Here's a high-level look at how we protect your data.
Our approach
We design with threat modelling and least-privilege from day one. We keep this page intentionally high-level — enough to earn your trust, without publishing a map for attackers.
Data protection
- Encryption in transit — all traffic to the Service is served over modern TLS.
- Encryption at rest — stored data is encrypted on disk.
- Secrets handling — credentials are stored using strong, industry-standard one-way hashing — never in plain text.
Access control
Access is role-based and enforced on the server for every request. Internal access to production follows least-privilege and is limited to what is necessary to operate the Service.
Tenant isolation
Every organization's data is logically isolated from every other organization, enforced in depth so that one customer can never see another's data.
Monitoring & audit
Security-relevant events are logged to a tamper-evident audit trail, and we monitor for anomalies so we can respond quickly to issues.
Resilience & backups
Data is backed up regularly and restores are tested — an untested backup is no backup. See our Status page for live availability.
Responsible disclosure
Found a vulnerability? We welcome reports from the security community. Please email security@jagasec.com with details and steps to reproduce. Act in good faith, avoid privacy violations and service disruption, and give us reasonable time to fix the issue before any public disclosure. We will not pursue researchers who follow these guidelines.