Security and compliance measures

Introduction

This page covers the protection and compliance measures Jaapi takes to ensure the security of your data, including authentication, PCI, data encryption and more.

Access control

Your store can be protected with password protection and SSO protection. Both are available on all plans, and both methods can be used to protect your Jaapi stores.

When Google authentication or Microsoft authentication is enabled, a person with a Personal Account that is a member of the company can use their login credentials to access the store. This feature can be enabled by contacting your account manager.

Compliance

SOC2
System and Organization Control type 2 (SOC2) is a form of auditing that ensures a cloud service provider manages customer data and protects privacy. Vercel, which is our cloud provider, is SOC2 Type 2 compliant.

GDPR
The General Data Protection Regulation (GDPR) is a comprehensive EU-wide data protection law that governs the use, sharing, transfer, and processing of EU resident personal data.

Jaapi is GDPR compliant, which means that we commit to the following:

Maintain appropriate technical and organizational security measures surrounding customer data

Notify our customers without undue delay of any data breaches

Hold our sub-processors to the same level of data protection that we are committed to

Honor our EU customers' right to access and erasure, among others

For more information on how Vercel protects your personal data, and the data of your customers, please refer to our Privacy Policy.

PCI
Payment Card Industry Data Security Standard (PCI) is a standard that defines the security and privacy requirements for payment card processing. Jaapi does not store personal credit card information for any of our customers.

We use Stripe to securely process transactions and trust their commitment to best-in-class security.

Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.

Infrastructure

The Vercel Edge Network and deployment platform primarily uses Amazon Web Services (AWS), and currently has 18 different regions and an Anycast network with global IP addresses.

In the case of an AWS outage, our network is resilient to regional downtime. Vercel will automatically route traffic to the nearest available edge.

Data encryption

Our cloud provider, Vercel, encrypts data at rest (when on disk) with 256-bit Advanced Encryption Standard (AES-256). While data is in transit (en route between source and destination), Vercel uses HTTPS/TLS 1.3.

Data backup

Vercel backs up customer data every hour, and each backup is persisted for 30 days. Automatic backups are taken without affecting the performance or availability of the database operations.

All backups are stored separately in a storage service, and those backups are globally replicated for resiliency against regional disasters. If a database instance is deleted, all associated backups are also automatically deleted. Backups are periodically tested by the Vercel engineering team.

We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in advance so that you are given the opportunity to take a position on the updated policy.

Contact

We have appointed a Data Protection Officer who can answer questions about your rights and other questions about how we process your personal information.

Contact information for Jaapi's data protection representative:
Lynn Smeria
lynn@jaapi.store

Company information

Jaapi AB is an entity registered in Sweden with its address at Asplyckevägen 32, 41729 Gothenburg.