The purpose of this article is to answer the most frequently asked questions we get from potential customers about privacy, security, our policies, and other related issues.
Before we begin, it is important to note that Jitbit is:
We do not have any third-party security or other third-party certifications at the moment. Most of them cost $30k or more and require around a year to complete. We are a small company and prefer to spend our resources on making our product better, not dealing with legal formalities.
We understand that this is a deal-breaker for some companies. Security is and has always been one of our top priorities - we just don't have an official third-party confirmation at the moment.
Jitbit is a small remote-only company. We are bootstrapped - no external investments, we are funded only by our customers. We are profitable and have been in business since 2005. Our flagship product - Jitbit Helpdesk - has been in active development since 2009. We do not have any subsidiary relationships with other companies.
Other information, like the number of employees, annual turnover, etc. is not public. However, feel free to check out an interview with our founder.
At this point, we have customers in most industries. Check out the customer list.
Yes, we are. More information here.
Also yes. Here is more information.
No, we have not.
Yes, but they share other duties as well.
We cannot, sorry. They are not intended for public use. We do have policies for some things like breach notifications, disaster recovery, incident response plans, etc.
The only third party that will have access to our servers is Amazon. We host everything on AWS in North Virginia. However, they do not have access to your data, since it is encrypted. We have all the necessary paperwork signed with them. They do have a SOC 2 Type 2 report.
Data never leaves Amazon data centers at any point.
Data is separated in business logic.
Yes, data is encrypted at all times. Backups are also encrypted.
It is described in detail here.
No, sorry. It is not intended for public use.
Only one IP address in the world has any kind of access to our servers - it is our secure VPN server. Only a very limited number of people have access to the VPN. Any other connections to anything besides HTTP and FTP are blocked from the outside world by multiple firewalls.
Yes, we do. It is a crucial part of our infrastructure.
Yes. We have a lot of alerts set up for everything and we get an instant notification when something suspicious is going on.
Yes, on a weekly basis.
Yes, regularly. Both third-party and in-house. An example report can be found here.
Yes to all of those (and other related) questions. We do follow the current best practices in software development.
No. We believe that keeping things like this private leads to a more secure environment.
Yes, they are on separate servers.
Last updated: 10/29/2020