Your data is protected at every layer. From encryption to infrastructure, we treat your relationship data with the security it deserves.
Infrastructure
All stored data is encrypted with AES-256, the gold standard for symmetric encryption used by governments and financial institutions worldwide. Your data is unreadable without the proper decryption keys.
EncryptionEvery connection between your device and Jetwork is protected by TLS 1.3, the latest transport security protocol. This eliminates known vulnerabilities in older TLS versions and ensures forward secrecy.
TransportPowered by Supabase Auth with bcrypt password hashing and secure JWT tokens. Passwords are never stored in plaintext. Session tokens are short-lived and automatically refreshed, with support for Google OAuth single sign-on.
Supabase AuthThird-party integration tokens are managed by Nango, a dedicated OAuth security platform. Tokens are stored in Nango's encrypted vault, never in our primary database, and are automatically rotated on expiry.
NangoHosted on Vercel (SOC 2 Type II certified) for application delivery and Supabase (SOC 2 Type II certified) for database and authentication. Both providers offer enterprise-grade uptime, DDoS protection, and continuous monitoring.
SOC 2 Type IIWe comply with the General Data Protection Regulation and the California Consumer Privacy Act. You have full rights to access, export, correct, and delete your data at any time. Enterprise customers can execute a Data Processing Agreement.
ComplianceEvery customer's data is logically isolated at the database row level with strict access policies. No query can ever return another customer's data, even in the event of an application-level vulnerability.
IsolationEvery access to your data is logged with immutable, tamper-evident audit trails. Enterprise customers can access detailed logs showing who accessed what data and when, enabling full accountability.
MonitoringWe will never sell, rent, or trade your personal data or relationship information to third parties. Your data is used solely to power your Jetwork experience. This is a permanent commitment, not a policy we can quietly change.
CommitmentCompliance
GDPR
EU data protection ready
SOC 2
Infrastructure certified
US
Primary data residency
Responsible Disclosure
We take security vulnerabilities seriously and appreciate responsible disclosure. If you discover a security issue in our platform, infrastructure, or any Jetwork service, please report it to us privately.
Do not disclose the vulnerability publicly until we have had a reasonable opportunity to investigate and address it. We aim to acknowledge all reports within 24 hours and provide an initial assessment within 72 hours.
We do not currently operate a paid bug bounty program, but we recognize and credit researchers who report valid vulnerabilities.