How we keep your data secure

 

Jolt’s team of security experts has built a series of policies, procedures, and technologies to help us to meet industry requirements and best practices. 

Below is an explanation of the key ways we keep you data secure.

Jolt Security

 

Data Hosting

Amazon Web Services (AWS) Jolt hosts customer data on Amazon’s secure data centers. Jolt uses all of the AWS’s built-in security, privacy, and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations are accredited under ISO 27001, SOC 1 and SOC 2 / SSAE 16/ISAE 3402, PCI Level 1, and FISMA Moderate and Sarbanes-Oxley (SOX).
Encryption Data received by Jolt is encrypted both in transit and at rest. All browser and app connections to Jolt are encrypted in transit using Transport Layer Security (TLS) SHA-256 with RSA Encryption. Jolt’s customer databases are encrypted at rest using Advanced Encryption Standard (AES) 256.

 

Security Programs

 

JOLT EMPLOYEES  
Background Checks All Jolt employees go through a thorough background check (identity, resume, credit, and criminal checks) before hire.
Training While we retain a minimal amount of customer data and limit internal access to a need-to-know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data.
Confidentiality All employees at Jolt sign a confidentiality agreement agreeing to security training and compliance with the data confidentiality section of Jolt’s Information Security policy.

 

RELIABILITY & REDUNDANCY

 
Business continuity and disaster recovery Jolt has business continuity and disaster recovery plans in place that replicate our database and backup the data to ensure high availability.

 

SOFTWARE DEVELOPMENT LIFECYCLE

 
Routine Audits Jolt continuously scans our systems for service interruptions, performance degradation, and security vulnerabilities. Incidents immediately trigger alerts to our engineers to take action.
New Releases New Jolt mobile app and Web portal releases are thoroughly reviewed and tested to ensure high availability. Changes to Jolt code includes unit, integration, and end-to-end testing. 
Quality Assurance Testing Code changes are also manually peer reviewed by one or more members of the Jolt engineering team. Next the Jolt Quality Assurance team thoroughly tests the change for expected impact to the user experience.
Continual Monitoring After software code changes are released, Jolt continues to monitor the application and log any exceptions.

 

VULNERABILITY CONTROL

 
Mobile Device Management Jolt secures each employee computer using mobile device management to ensure each device meets our high standard for information security. This includes items like password management, file encryption, and multi-factor authentication.
Vulnerability Scanning Jolt continually monitors and tests for new vulnerabilities. This allows the company to keep its systems up-to-date with the latest security patches.

Security Compliance

affiliate-icon
SOC 2 Type 1 & 2

SOC 2 is one of the most rigorous security frameworks. We have obtained SOC 2 Type 1 audit with no exceptions and will complete the Type 2 audit in October 2022.

affiliate-icon
PCI Compliance

We are PCI compliant through our payment processor, Stripe, which encrypts and stores credit card details.

affiliate-icon
GDPR

Jolt is compliant with the European Union's Global Data Protection Regulation (GDPR), and all U.S. state and federal privacy laws.

affiliate-icon
HIPAA

Jolt's software is compliant with the Health Insurance Portability and Accountability Act (HIPAA) which protects individually identifiable health information.

More Security Information

Learn more about Jolt's solutions: