Jitbit Helpdesk Security and Privacy FAQ

Security-conscious teams evaluating a SaaS helpdesk need clear answers about how their data is stored, encrypted, and protected. This page answers the most frequently asked privacy and security questions we receive from prospective customers about Jitbit Helpdesk.

Before we begin, two things worth knowing about Jitbit:

  1. We are a remote-only company. We do not have physical offices, so many of the usual questions about on-site physical security do not apply. Our security posture is built around hardened cloud infrastructure and strict access controls instead.
  2. We are a small, focused team. Only a very limited number of people have access to production servers. Fewer people with access means a smaller attack surface.

General Security and Compliance Questions

Do you hold SOC 2, CSA, ISO, or other security certifications?

We do not currently hold third-party security certifications such as SOC 2, CSA, or ISO 27001. Most of these programs cost $30,000 or more and require roughly a year to complete. As a bootstrapped company, we invest those resources into making the product more secure and more useful rather than pursuing formal audits.

We understand this is a deal-breaker for some organizations. Security has been one of our top priorities since we launched in 2005 — we simply do not have an official third-party stamp yet. If you have specific security questionnaires or requirements, contact us and we will work through them with you.

Where can I find your privacy policy and terms of service?

What is Jitbit's company structure?

Jitbit is a bootstrapped, remote-only software company — no external investors, funded entirely by our customers. We have been profitable and in business since 2005. Our flagship product, Jitbit Helpdesk, has been in active development since 2009. We do not have any subsidiary relationships with other companies.

For more background, see this interview with our founder.

Do you serve customers in healthcare, higher education, and government?

Yes. Jitbit Helpdesk is used across virtually every industry, including healthcare, K-12 and higher education, government, financial services, and more. Check out our customer list for examples.

Is Jitbit Helpdesk HIPAA compliant?

Yes. We sign Business Associate Agreements (BAAs) and meet the technical safeguards required for HIPAA compliance. See our full HIPAA-compliant helpdesk page for details.

Is Jitbit Helpdesk GDPR compliant?

Yes. We comply with the General Data Protection Regulation, including data subject rights and Data Processing Agreements. Read more about our GDPR compliance.

Has Jitbit ever experienced a data breach?

No. In over 20 years of operation, Jitbit has never experienced a significant security breach.

Do you have dedicated information security personnel?

Yes. We have team members responsible for information security. In a small company like ours, they share other engineering duties as well, which gives them direct visibility into the codebase and infrastructure.

Which security policies can you share publicly?

The following policies are available publicly. Our remaining internal policies are not intended for external distribution.

Do you have a Business Continuity Plan?

Yes. Our full plan is available here: Jitbit Business Continuity Plan.

Data Privacy and Encryption

Will any third parties have access to my data?

The only third party with physical access to our servers is Amazon Web Services (AWS). We host everything on AWS in the US-East (North Virginia) region. Amazon does not have access to your actual data because it is encrypted at rest. We have all the necessary agreements in place with AWS, and they maintain a SOC 2 Type 2 report.

Your data never leaves Amazon data centers at any point.

Is customer data logically separated from other tenants?

Yes. Each customer's data is logically separated through application-level business logic, ensuring that one tenant can never access another tenant's tickets, users, or attachments.

Is helpdesk data encrypted in transit and at rest?

Yes. All data is encrypted at all times, and backups are encrypted as well. Here are the specifics:

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.2 / TLS 1.3
  • Key length: 4096-bit
  • Cipher strength: 256-bit

What is your data backup policy?

Our backup policy covers daily automated backups, off-site replication, and tested recovery procedures. Full details are available on the SaaS Helpdesk backup policy page.

Network and Application Security

Can you share your infrastructure diagram?

No. We keep infrastructure diagrams confidential. Limiting public exposure of our architecture is a deliberate security measure.

What network security measures does Jitbit use?

Only one IP address in the world has any kind of administrative access to our production servers — our secure VPN endpoint. Only a very limited number of team members have VPN credentials. All connections to anything besides HTTP/HTTPS are blocked from the outside by multiple layers of firewalls.

Does Jitbit use a Web Application Firewall (WAF)?

Yes. A Web Application Firewall is a crucial component of our infrastructure, filtering malicious traffic before it reaches the application layer.

Do you monitor for intrusions around the clock?

Yes. We have extensive alerting configured across our infrastructure and receive instant notifications when anything suspicious is detected. Monitoring runs 24/7/365.

How often are servers patched and updated?

We apply security patches and system updates on a weekly basis.

Does Jitbit perform penetration testing?

Yes, regularly — both through third-party security firms and in-house testing. An example penetration test report is available here.

See also our External Penetration Testing Policy.

Does the helpdesk app support idle session logout?

Yes. Administrators can enforce idle logout by enabling the "Disable remember-me checkbox" option under Admin → General Settings → Security. When enabled, user sessions expire after a period of inactivity.

Are your developers trained in secure coding? Do you conduct code reviews and automated testing?

Yes to all of the above. Our development team follows current best practices in secure software development, including mandatory code reviews and automated test suites that run on every deployment.

See our Software Development Life Cycle (SDLC) Policy for more detail.

Can you provide overall system or application architecture diagrams?

No. We keep architectural documentation confidential. Restricting public access to detailed system diagrams is a security best practice that we follow consistently.

Are databases segregated from front-end application servers?

Yes. Our database servers and web application servers run on separate, isolated machines.

Ready to Evaluate Jitbit Helpdesk?

If your team needs a secure, privacy-focused helpdesk that runs on enterprise-grade AWS infrastructure with AES-256 encryption and strict access controls, start a free 21-day trial — no credit card required. Have more security questions? Reach out to our team and we will answer them directly.
