Security & Compliance

Investor trust, data security and regulatory compliance are critical to everything we do

Compliance icon

Compliance

All investment offers for financial products made via the Jasper platform are made in accordance with local financial market regulations. We are committed to offering fair, efficient and transparent investment products.

Oversight icon

Oversight

Covenant are appointed as supervisor and custodian on Jasper's funds. As a supervisor they monitor Jasper to ensure we are compliant with any Trust deed, as custodian they hold the certificates of title for the properties on bare trust on behalf of the investors.

Security icon

Security

Jasper uses 256-bit SSL encryption 100% of the time on every device. Our technology is independently audited for vulnerabilities on an ongoing basis. All employee access is recorded and audited. Everything we do is designed to protect your information and investments.

Product security icon

Product security

Securing your account

When changing your account settings or engaging in business activity, we require you to re-enter your password to ensure that the individual user making the request is the account owner.

Data hosting and storage

Jasper services and data are hosted in Amazon Web Services (AWS) facilities in Australia (ap-southeast-2), as well as Oregon (us-west-2).

Failover and disaster recovery

Jasper was built with disaster recovery in mind. All of our infrastructure and data are spread across three AWS data centres and will continue to work should any one of those fail. Disaster recovery procedures are regularly tested using real-world scenarios.

Network and application security icon

Network and application security

Virtual private cloud (VPC)

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network. The majority of our internal systems are completely unreachable from the public internet.

Backups and monitoring

Jasper uses Amazon's Aurora granular backup solution for datastores that contain customer data. All actions taken to modify our resources and infrastructure are logged and audited.

Permissions and authentication

Access to investor data is limited to authorised employees who require it for their job. Jasper is served completely over HTTPS. Jasper runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Jasper's network.

Encryption

All data sent to or from Jasper is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an A rating on Qualys SSL Labs‘ tests. This means we only use strong cypher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Penetration tests, vulnerability scanning and bug bounty program

Jasper uses third-party security tools to continuously scan for vulnerabilities. We engage third-party security experts to perform detailed penetration tests on the Jasper application and infrastructure on an annual basis and upon infrastructural upgrades. Jasper is also in the late stages of launching a 'bug bounty' program, which gives security researchers a platform for testing and submitting vulnerability reports.

Incident response

Jasper implements a protocol for handling security events which includes, escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.

Additional security features icon

Additional security features

Auditing

All access to investor and transaction information by Jasper employees is recorded and audited.

Training

All employees complete security and awareness training annually.

Employee vetting

Jasper performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employee contracts include a confidentiality agreement.

Policies

Jasper has developed a comprehensive set of security policies covering a range of topics, including the ones mentioned here. These policies are updated frequently and shared with all employees.

Join us and experience a smarter, better way to invest in real estate

Register