Security Policy

At SafeJAM Ltd, the security of our service and the protection of our users' data is of paramount importance. This Security Policy outlines the measures we take to safeguard your information and ensure the integrity of our service. By using our service, you agree to comply with this policy.

1. Data Encryption

We use industry-standard encryption protocols to protect your data during transmission and storage. Our service employs SSL/TLS encryption to ensure that all data transmitted between your device and our servers is encrypted and secure. This includes all personal data, browsing session data, and payment information.

  • SSL/TLS Encryption: All data sent between your browser and our servers is encrypted using SSL/TLS, ensuring that any sensitive information is protected from interception by unauthorised parties.
  • Data at Rest Encryption: Personal data, including your account details stored in our backend systems, is encrypted to prevent unauthorised access.
  • Third-Party Encryption: Payments processed via Stripe are also protected using Stripe’s encryption technologies. For more information, see Stripe’s Privacy Policy.

2. Isolation

Our service is designed to provide a secure environment by isolating your remote session from your local device. By leveraging AWS Appstream technology, we ensure that all activity takes place in a secure cloud environment, protecting your device from potential malware, phishing attempts, and other online threats.

  • Isolated Sessions: Each session is isolated in a secure, virtualised environment, preventing malware or harmful content from reaching your local device.
  • Zero Data Persistence: Once your browsing session ends, no browsing history, cookies, or other session data is stored on the cloud infrastructure, ensuring complete privacy and security.
  • Regular Security Audits: Our infrastructure undergoes regular security reviews and audits to ensure that all systems remain protected against new and emerging threats.

3. Incident Response

We take security incidents seriously and have a robust incident response plan in place to address any data breaches or security issues that may arise. Our approach includes the following steps:

  • Incident Detection: Our monitoring systems constantly track and detect any unusual activity or potential threats to the integrity of our service. This allows us to respond quickly to any incidents.
  • Immediate Mitigation: Upon detecting a security incident, our team will immediately take steps to mitigate the impact, including securing affected systems and preventing further unauthorised access.
  • Notification to Users: In the event of a data breach or security incident affecting user data, we will notify all affected users via email within 72 hours. We will provide details of the breach, including the nature of the data involved and the steps we are taking to resolve the issue.
  • UK ICO Notification: In compliance with UK regulations, if a data breach involves personal data and poses a risk to individuals, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
  • Post-Incident Review: After addressing the incident, we will conduct a thorough review to determine the root cause and implement any necessary changes to prevent future incidents.

4. User Responsibility

While we implement rigorous security measures, the security of your account also depends on actions taken by you. We ask our users to take responsibility for maintaining the security of their own accounts and follow these best practices:

  • Strong Passwords: Users must use strong, unique passwords for their accounts. We recommend using a password manager to generate and store complex passwords.
  • Two-Factor Authentication (2FA): We encourage users to enable two-factor authentication (2FA) to add an extra layer of security to their accounts. 2FA helps protect your account even if your password is compromised.
  • Account Security: Users are responsible for keeping their account credentials confidential. Do not share your password or account details with anyone, and change your password immediately if you suspect it has been compromised.
  • Phishing Awareness: Be cautious of phishing attempts. We will never ask you to provide your password via email. If you receive suspicious communications, report them to us immediately.

5. Changes to This Security Policy

We may update this Security Policy from time to time to reflect changes in our security practices or legal requirements. We will notify users of any significant changes via email or through our website.

6. Contact Us

If you have any questions or concerns about this Security Policy or our security practices, please contact us at securityandcompliance@safejam.com.