Investor trust, data security and regulatory compliance are critical to everything we do

When changing your account settings or engaging in business activity, we require you to re-enter your password to ensure that the individual user making the request is the account owner.

Jasper services and data are hosted in Amazon Web Services (AWS) facilities in Australia (ap-southeast-2), as well as Oregon (us-west-2).

Jasper was built with disaster recovery in mind. All of our infrastructure and data are spread across three AWS data centres and will continue to work should any one of those fail. Disaster recovery procedures are regularly tested using real-world scenarios.

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network. The majority of our internal systems are completely unreachable from the public internet.

Jasper uses Amazon's Aurora granular backup solution for datastores that contain customer data. All actions taken to modify our resources and infrastructure are logged and audited.

Access to investor data is limited to authorised employees who require it for their job. Jasper is served completely over HTTPS. Jasper runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Jasper's network.

All data sent to or from Jasper is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an A rating on Qualys SSL Labs‘ tests. This means we only use strong cypher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Jasper uses third-party security tools to continuously scan for vulnerabilities. We engage third-party security experts to perform detailed penetration tests on the Jasper application and infrastructure on an annual basis and upon infrastructural upgrades. Jasper is also in the late stages of launching a 'bug bounty' program, which gives security researchers a platform for testing and submitting vulnerability reports.

Jasper implements a protocol for handling security events which includes, escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.

All access to investor and transaction information by Jasper employees is recorded and audited.

All employees complete security and awareness training annually.

Jasper performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

All employee contracts include a confidentiality agreement.

Jasper has developed a comprehensive set of security policies covering a range of topics, including the ones mentioned here. These policies are updated frequently and shared with all employees.