Enterprise-Grade Security

Your Data Security is Our Priority

We implement industry-leading security practices to protect your images, data, and business. Here's how we keep everything safe.

Security at Every Layer

End-to-End Encryption

All data is encrypted using TLS 1.3 in transit and AES-256 at rest.

SOC 2 Type II Infrastructure

Our infrastructure providers (Supabase, Vercel) maintain SOC 2 Type II compliance.

Secure Authentication

Passwords are hashed with bcrypt, with optional 2FA and OAuth integration.

24/7 Monitoring

Continuous security monitoring with automated threat detection.

DDoS Protection

Enterprise-grade DDoS mitigation powered by Vercel and Cloudflare.

Regular Audits

Periodic security assessments and penetration testing.

All Systems Operational

No security incidents in the past 90 days

Security Practices

Data Protection

  • All customer data encrypted at rest using AES-256
  • Encryption in transit via TLS 1.3
  • Database backups encrypted and geo-redundant
  • Automatic data retention policies
  • Secure deletion upon account termination

Access Control

  • Role-based access control (RBAC)
  • Principle of least privilege for all team members
  • Multi-factor authentication for admin access
  • Detailed audit logs of all access
  • Automatic session timeout

Application Security

  • OWASP Top 10 vulnerability protection
  • SQL injection and XSS prevention
  • CSRF protection on all forms
  • Rate limiting on all API endpoints
  • Input validation and sanitization

Infrastructure

  • Serverless architecture reduces attack surface
  • Automatic security patches and updates
  • Network isolation and firewalls
  • Container security scanning
  • No direct database access from internet

Compliance & Certifications

GDPR Compliant
SOC 2 Type II (via providers)
CCPA Compliant
ISO 27001 (In Progress)

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a potential security issue, please report it responsibly. We appreciate your help in keeping Jewelshot safe for everyone.

How We Handle Your Images

1. Upload

Your images are uploaded over an encrypted connection (TLS 1.3) and stored temporarily in our secure processing queue.

2. Processing

Images are processed by our AI in isolated environments. No human reviews your images unless you request support.

3. Storage

Generated images are stored in your personal gallery, encrypted at rest. Original uploads are deleted after processing unless you choose to keep them.

4. Deletion

You can delete any image at any time. When deleted, images are immediately removed from our active systems and purged from backups within 30 days.

Security Questions?

Our security team is here to help with any concerns.