Home / Security
Trust & Security

Security at JumboTiger

JumboTiger is built for B2B operators handling resident data, financial transactions, and operational workflows that can't tolerate downtime or data loss. This page summarizes our security posture; we provide a detailed Security Whitepaper and complete vendor security questionnaire on request.

Architecture: dedicated instances

Unlike shared SaaS, every JumboTiger customer gets a dedicated instance, your own database, application servers, and infrastructure. This eliminates noisy-neighbor risks, simplifies data isolation, and lets us tailor security controls to your specific compliance requirements (institutional investor data sovereignty, GDPR data residency, regional privacy laws).

Encryption

  • In transit: TLS 1.3 for all client-server communication; HSTS enforced.
  • At rest: AES-256 encryption for databases, file storage, and backups.
  • Secrets: Managed via cloud-native secret managers; rotated regularly.

Access control

  • SSO (SAML 2.0, OIDC) supported for customer staff accounts
  • Role-based access control (RBAC) within each instance
  • JumboTiger team access to customer instances is logged, time-bound, and consent-required

Backups and disaster recovery

Hourly database snapshots with point-in-time recovery up to 35 days. Cross-region backup replication. Documented DR runbooks with RPO/RTO targets specified in customer agreements.

Data residency

Customer instances are hosted in the region closest to operations (UK, EU, APAC, India). Data does not leave the chosen region without explicit written consent.

Compliance

  • GDPR (UK and EU), Data Processing Agreement available
  • SOC 2 Type II, in progress (target audit completion: Q4 2026)
  • ISO 27001, roadmap, target 2027
  • PCI DSS handled via Stripe / Razorpay tokenization (we don't store card data)

Vulnerability management

Continuous dependency scanning, monthly third-party penetration testing for major releases, and a private bug-bounty channel. Critical patches are deployed within 24 hours; high-severity within 7 days.

Security questions

For security questionnaires, DPA requests, or our Security Whitepaper: mayank@everythingcoliving.com.