Trust & compliance
Since starting as Click Labs in 2011, Jungleworks has become a global leader in tech solutions for enterprises, turning ideas into reality with our all-in-one platform. We offer products like Yelo, Tookan, Panther, and Hippo to make on-demand business simple and accessible. As a global brand, we prioritize security, ensuring our platform meets the highest international standards, so our clients can grow their businesses with confidence.
We operate under a shared security responsibility model, ensuring that our products and underlying infrastructure meet the highest security standards. While we provide robust security features, we also encourage our customers to configure and manage these settings to align with their unique security requirements, ensuring a secure and reliable experience.
Compliance
To keep our controls strong and help our customers meet compliance needs, we maintain certification in industry-standard Information Security and Privacy practices.
-
SOC 2
Jungleworks is SOC 2 certified, a cybersecurity compliance framework that ensures we protect client data to the highest standards.
-
PCI
Jungleworks is PCI certified, ensuring the safety of cardholder data during transactions. Trusted to protect credit, debit, and prepaid card information.
-
ISO/IEC 27017
Jungleworks is ISO/IEC 27017 certified, a standard that ensures we safeguard cloud environments and minimize the risk of security incidents.
-
ISO 27001
Jungleworks is ISO 27001 certified, an information security standard that ensures we protect sensitive data with robust processes.
-
ISO/IEC 27018
Jungleworks is ISO/IEC 27018 certified, ensuring we protect personal data in public cloud environments and meet global standards.
Security Controls
Product Security
- Availability • High availability setup with regular backups stored in multiple locations for added safety. • Application layer automatically scales to handle extra traffic, whether from a surge or an attack.
-
Access Control
• Configurable Role-Based Access Control (RBAC) with detailed control over user permissions.
• Permission levels within the app can be set for managers.
• Notifications like SMS and emails can be configured and stopped at any time.
•Agents can be added or removed with a single click. - Business Continuity • Strong business continuity and disaster recovery plans ensure operations continue during abnormal conditions or disasters.
- Password and Credential Storage • JungleWorks enforces a password complexity standard and credentials are stored using a PBKDF function (bcrypt).
- Uptime • An uptime of 99.9% or higher. Check our past month stats at uptimerobot.com
Network & Application Security
- Data Hosting and Storage • Services and data are hosted in Amazon Web Services (AWS) facilities (us-west-2) in the USA.
- Virtual Private Cloud • Servers are hosted within a virtual private cloud (VPC) with network access control lists (ACLs) to prevent unauthorized requests from reaching the internal network.
-
Back Ups and Monitoring
• Backup policies are in place for MySQL and MongoDB, with dumps stored on S3 every 6 hours.
• Audit logs are created for all activities, and every action in the production consoles are recorded. -
Permissions and Authentication
• Access to customer data is restricted to authorized employees who need it for their roles.
• All connections are secured with HTTPS, and the zero-trust corporate network grants no additional privileges for being on it. -
Encryption
• All data is encrypted in transit with 256-bit encryption.
• API and application endpoints use TLS/SSL and have an "A+" rating on Qualys SSL Labs, indicating strong cipher suites and fully enabled features like HSTS and Perfect Forward Secrecy. -
Pentests, Vulnerability Scanning and Bug Bounty Program
• Third-party security tools are used for continuous vulnerability scanning, with a dedicated team responding to any issues.
• Quarterly, third-party experts conduct detailed penetration tests on the application and infrastructure.
• Additionally, a bug bounty program with AppSecure allows security researchers to test and report vulnerabilities. - Incident Response • A protocol for handling security events includes escalation procedures, rapid mitigation, and post-mortem analysis, with all employees informed of the policies.
Security questions?
If you think you may have found a security vulnerability, please get in touch with our security team at security@jungleworks.com Learn more about JungleWorks by reading our Terms of Services and Privacy Policy.