Skip to content
Your date security is our priority

Earning our customers’ trust

Jellyfish is committed to earning and maintaining the trust of our customers and employees through transparency, security, compliance and privacy.

Your data security is our priority

Jellyfish is proactive about data security and compliance to ensure your important data is always secure and confidential. We regularly perform both vulnerability assessments and penetration tests with third party security auditors. In addition, Jellyfish maintains an audited Service Organization Controls (SOC 1 Type II and SOC 2 Type II) attestations.

Our security measures

Organizational security & personnel

Jellyfish maintains a strong security culture within the organization. All Jellyfish personnel are screened prior to employment and receive security training on an annual basis.

Written Information Security Policy (WISP)

Jellyfish has a rigorous set of policies that the organization follows to ensure consistent practices and to protect Jellyfish and its customers’ confidentiality.

Data center & network security

The Jellyfish platform is hosted entirely within the Amazon Web Services (AWS) secure cloud. AWS aligns with various compliance standards. The Jellyfish Security Team has implemented rigorous network security controls, and has established robust monitoring and alerting for anomalies, unusual user behavior, performance, availability, and other issues to minimize the threat of a security incident.

Internal R&D processes

Jellyfish’s Secure Software Development Life Cycle (SDLC) is designed to allow software to meet customer expectations while also having an appropriate level of security that adheres to security best practices. The company’s testing platform performs tests for quality assurance including ongoing vulnerability and penetration testing.

Customer data security

All data is encrypted both in transit (using TLS 1.2+) and at rest (AES 256-bit). We follow the NIST Cybersecurity Framework (CSF) guidelines for data security and password protection practices.

Identity & access management

Jellyfish has mature Identity and Access Management practices. Jellyfish follows a policy of least privilege and uses role-based access controls to manage employee access to company infrastructure, systems, and customer data. Access Control reviews are performed regularly by the Jellyfish Security Team.

Change management

Jellyfish has an established methodology to manage changes to infrastructure and platform. All changes to any system or service are reviewed, approved, and well communicated. The rigorous change management process is designed to prevent unintended service disruptions and maintain the integrity of the services provided to customers.

Audits & attestation reports

Jellyfish is committed to participating in an annual SOC 2 Type II audit with an accredited auditor, is SOC 1 Type II compliant, and makes available attestation reports. In addition, Jellyfish performs regular third-party vulnerability and penetration tests of our infrastructure and systems.

Vulnerability reporting

If you think you have found a security vulnerability, please send a report to

Security Advisories & Bulletins


As part of our security program, Jellyfish has defined and documented our security policies. Jellyfish can make our policies and documentation available to all customers and potential customers including: penetration testing reports, security policy documentation, and our SOC 1 and SOC 2 attestation reports.

View our CSA Star Registry entry