Security & Compliance
Investor trust, data security and regulatory compliance are critical to everything we do
All investment offers for financial products made via the Jasper platform are made in accordance with local financial market regulations. We are committed to offering fair, efficient and transparent investment products.
Covenant are an independent and impartial supervisor we appoint to act in the best interests of investors, on every offer. They will hold assets on trust separate from Jasper as the scheme manager, and help ensure Jasper is compliant with legislative requirements.
Jasper uses 256-bit SSL encryption 100% of the time on every device. Our technology is independently audited for vulnerabilities on an ongoing basis. All employee access is recorded and audited. Everything we do is designed to protect your information and investments.
Securing your account
When changing your account settings or engaging in business activity, we require you to re-enter your password to ensure that the individual user making the request is the account owner.
Data hosting and storage
Jasper services and data are hosted in Amazon Web Services (AWS) facilities in Australia (ap-southeast-2), as well as Oregon (us-west-2).
Failover and disaster recovery
Jasper was built with disaster recovery in mind. All of our infrastructure and data are spread across three AWS data centres and will continue to work should any one of those fail. Disaster recovery procedures are regularly tested using real-world scenarios.
Network and application security
Virtual private cloud (VPC)
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network. The majority of our internal systems are completely unreachable from the public internet.
Backups and monitoring
Jasper uses Amazon's Aurora granular backup solution for datastores that contain customer data. All actions taken to modify our resources and infrastructure are logged and audited.
Permissions and authentication
Access to investor data is limited to authorised employees who require it for their job. Jasper is served completely over HTTPS. Jasper runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Jasper's network.
All data sent to or from Jasper is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an A rating on Qualys SSL Labs‘ tests. This means we only use strong cypher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Penetration tests, vulnerability scanning and bug bounty program
Jasper uses third-party security tools to continuously scan for vulnerabilities. We engage third-party security experts to perform detailed penetration tests on the Jasper application and infrastructure on an annual basis and upon infrastructural upgrades. Jasper is also in the late stages of launching a 'bug bounty' program, which gives security researchers a platform for testing and submitting vulnerability reports.
Jasper implements a protocol for handling security events which includes, escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.
Additional security features
All access to investor and transaction information by Jasper employees is recorded and audited.
All employees complete security and awareness training annually.
Jasper performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
All employee contracts include a confidentiality agreement.
Jasper has developed a comprehensive set of security policies covering a range of topics, including the ones mentioned here. These policies are updated frequently and shared with all employees.