Security & compliance

Investor trust, security and regulatory compliance are critical to everything we do

compliance image

Compliance

All investment offers for financial products made via the Jasper platform will be made in accordance with local financial market regulations. We are committed to offering fair, efficient, and transparent investment products.

oversight image

Oversight

We will appoint an independent and impartial supervisor to act in the best interests of investors, on every offer. They will hold assets on trust separate from Jasper as the scheme manager, and ensure Jasper is compliant with legislative requirements.

security image

Security

Jasper uses 256-bit SSL encryption every time, on all devices. Our technology is independently audited for vulnerabilities on an ongoing basis. All employee access is recorded and audited. Everything we do is designed to protect your information and investments.

Product security icon

Product security

Securing your account

When changing your account settings or engaging in business activity, we require you to re-enter your password to ensure that the individual user making the request is the account owner.

Data hosting and storage

Jasper services and data are hosted in Amazon Web Services (AWS) facilities in Australia (ap-southeast-2), as well as Oregon (us-west-2).

Failover and disaster recovery

Jasper was built with disaster recovery in mind. All of our infrastructure and data are spread across three AWS data centres and will continue to work should any one of those fail. Disaster recovery procedures are regularly tested using real-world scenarios.

Product security icon

Network and application security

Virtual private cloud (VPC)

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network. The majority of our internal systems are completely unreachable from the public internet.

Backups and monitoring

Jasper uses Amazon's Aurora granular backup solution for datastores that contain customer data. All actions taken to modify our resources and infrastructure are logged and audited.

Permissions and authentication

Access to investor data is limited to authorised employees who require it for their job. Jasper is served completely over HTTPS. Jasper runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Jasper's network.

Encryption

All data sent to or from Jasper is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an A rating on Qualys SSL Labs‘ tests. This means we only use strong cypher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Penetration tests, vulnerability scanning and bug bounty program

Jasper uses third-party security tools to continuously scan for vulnerabilities. We engage third-party security experts to perform detailed penetration tests on the Jasper application and infrastructure on an annual basis and upon infrastructural upgrades. Jasper is also in the late stages of launching a ‘bug bounty’ program, which gives security researchers a platform for testing and submitting 
vulnerability reports.

Incident response

Jasper implements a protocol for handling security events which includes, escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.

Product security icon

Additional security features

Auditing

All access to investor and transaction information by Jasper employees is recorded and audited.

Training

All employees complete security and awareness training annually.

Employee vetting

Jasper performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employee contracts include a confidentiality agreement.

Policies

Jasper has developed a comprehensive set of security policies covering a range of topics, including the ones mentioned here. These policies are updated frequently and shared with all employees.

It’s a new and better way to invest in commercial real estate

Register

Please note: Jasper's service offering is still in its development phase and subject to regulatory compliance.