Security
Last updated: April 19, 2026
Security is a first-class concern at Jinen. Here's how we protect your data and what to do if you find a vulnerability.
Encryption
- In transit: All communication between your browser and Jinen — including WebSocket connections — uses TLS 1.2 or higher. HTTPS is enforced via CloudFront; HTTP requests are redirected automatically.
- At rest: Data stored in our databases and file storage (AWS S3, RDS) is encrypted using AES-256 with AWS-managed keys.
Infrastructure
Jinen runs on Amazon Web Services (AWS) in the US-East-1 region. Our stack includes:
- ECS Fargate for compute — no persistent server access required
- RDS PostgreSQL for the database — not publicly accessible; accessed only via VPC
- S3 for file and site storage — per-tenant path prefixes with IAM-scoped access
- CloudFront CDN for edge delivery of the frontend and project sites
- AWS Cognito for authentication
Production access is restricted to authorized personnel via IAM roles. We apply the principle of least privilege throughout.
Application Security
- All project data is scoped per account with row-level access controls on every query
- Rate limiting is applied to all API endpoints, with stricter limits on authentication routes
- Dependencies are kept up to date and audited regularly
- Media uploaded by users is validated and sanitized before processing
Compliance (Planned)
We are working toward SOC 2 Type II certification. We will publish our report when available. For enterprise or compliance inquiries, email support@jinen.ai.
Responsible Disclosure
Found a vulnerability? Please email security@jinen.ai with a description of the issue and steps to reproduce. We'll acknowledge your report within 48 hours and keep you informed as we investigate. We ask that you give us reasonable time to address issues before public disclosure. We genuinely appreciate responsible disclosures and will credit researchers who help us improve.