|Amazon Web Services (AWS)||Jolt hosts customer data on Amazon’s secure data centers. Jolt uses all of the AWS’s built-in security, privacy, and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations are accredited under ISO 27001, SOC 1 and SOC 2 / SSAE 16/ISAE 3402, PCI Level 1, and FISMA Moderate and Sarbanes-Oxley (SOX).|
|Encryption||Data received by Jolt is encrypted both in transit and at rest. All browser and app connections to Jolt are encrypted in transit using Transport Layer Security (TLS) SHA-256 with RSA Encryption. Jolt’s customer databases are encrypted at rest using Advanced Encryption Standard (AES) 256.|
|Background Checks||All Jolt employees go through a thorough background check (identity, resume, credit, and criminal checks) before hire.|
|Training||While we retain a minimal amount of customer data and limit internal access to a need-to-know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data.|
|Confidentiality||All employees at Jolt sign a confidentiality agreement agreeing to security training and compliance with the data confidentiality section of Jolt’s Information Security policy.|
RELIABILITY & REDUNDANCY
|Business continuity and disaster recovery||Jolt has business continuity and disaster recovery plans in place that replicate our database and backup the data to ensure high availability.|
SOFTWARE DEVELOPMENT LIFECYCLE
|Routine Audits||Jolt continuously scans our systems for service interruptions, performance degradation, and security vulnerabilities. Incidents immediately trigger alerts to our engineers to take action.|
|New Releases||New Jolt mobile app and Web portal releases are thoroughly reviewed and tested to ensure high availability. Changes to Jolt code includes unit, integration, and end-to-end testing.|
|Quality Assurance Testing||Code changes are also manually peer reviewed by one or more members of the Jolt engineering team. Next the Jolt Quality Assurance team thoroughly tests the change for expected impact to the user experience.|
|Continual Monitoring||After software code changes are released, Jolt continues to monitor the application and log any exceptions.|
|Mobile Device Management||Jolt secures each employee computer using mobile device management to ensure each device meets our high standard for information security. This includes items like password management, file encryption, and multi-factor authentication.|
|Vulnerability Scanning||Jolt continually monitors and tests for new vulnerabilities. This allows the company to keep its systems up-to-date with the latest security patches.|
SOC 2 Type 1 & 2
SOC 2 is one of the most rigorous security frameworks. We have obtained SOC 2 Type 1 audit with no exceptions and will complete the Type 2 audit in October 2022.
We are PCI compliant through our payment processor, Stripe, which encrypts and stores credit card details.
Jolt is compliant with the European Union’s Global Data Protection Regulation (GDPR), and all U.S. state and federal privacy laws.
Jolt’s software is compliant with the Health Insurance Portability and Accountability Act (HIPAA) which protects individually identifiable health information.