Security Policy

On this page

From confidential customer details, to payment information or simply product catalogues, our Merchants trust us to keep their data secure, private, and available whenever they need it. We take that responsibility seriously. At Jumpseller, we maintain a security system that:

Prevents all unauthorized access;
Supports continuous monitoring for potential vulnerabilities; and
Embraces ongoing, proactive improvement to stay on top of the latest security tools and threats.

Data Protection

In Transit

All merchant and customers data including names, shipping, billing addresses, ordered products information and payment information are sent using industry best practices regarding traffic: specifically, we use TLS 1.2 secure channels and support both 128-bit or 256-bit configurations, depending on the browser. SSL version 2 and SSL version 3 are never used in our systems. We strictly enforce the use of modern, secure protocols to protect data integrity and confidentiality.

At Rest

We use Amazon Web Services (AWS) servers to host all user data. We make extensive use of their built-in firewalls and virtual private networks to protect your data against unauthorized remote access. AWS data centers undergo annual certifications to ensure they meet the highest standards of physical and virtual security. You can read more about AWS security practices.

Data Reliability

All user data is automatically backed up on AWS servers with multiple redundant copies. Additionally, Jumpseller creates independant automatic system full backups every day. User activity to this backups and other sensitive date is recorded for audit purposes under AWS CloudTrail.

Data Privacy

We make it a priority to be transparent in how we collect, use, and handle your information when you use our website and software. Please see our full Privacy Policy for more details.

Report a Vulnerability

If you discover any security vulnerability in Jumpseller, please email us: security@jumpseller.com. We’ll do our best to fix it right away. We reward and welcome the discovery of vulnerabilities in the system by any security researcher, read more at OpenBugBounty.

Accesses

For Merchants

We verify Merchant’s account access through a combination of store-code/email/password-based authentication via OAuth 2.0. We offer and recommend using 2FA authentication to all merchants.

When email/password-based authentication is used, we always store individuals passwords with unique salts to add an extra layer of protection to your account.

We also use automated challenge–response tests, to avoid robots or automations to force our authentication systems.

For Customers

We verify Customers’s account access through a combination of email/password-based authentication. We use unique salts on passwords to add an extra layer of protection.

We also use automated challenge–response tests, to avoid robots or automations to force our authentication systems.

To Infrastructure

For Identity and Access Management to our production systems we rely on AWS IAM. Role levels and/or granular privileges are granted to only key personnel.

Infras Access

Incident Management and Disaster Recovery

We practice regular recovery drills.
We perform hourly backups of all databases and files are backed up automatically after they are uploaded to Jumpseller. Our backups are tested on a regular basis and are stored on multiple A-Z locations plus an off-site for at least 30 days.
We have procedures for responding to incidents managed by our dedicated Infrastructure Team.
In the event of an incident, we would contact your account owner and work with you throughout.

External Audits

We engage with external security experts who periodically perform security audits;
We are commited on clarify and/or resolve any relevant issue found by external auditors;
We currently do not hold external certifications for SAS 70, SSAE 16, SOC 2, SOC 3, ISO 27001;
More details about past audits can be given via security@jumpseller.com.

Last Reviewed on 30th March, 2023.