Compliance & Privacy at JFrog

At JFrog, we take the privacy, security and integrity of your data seriously.
We adhere to industry standards and comply with relevant security and safety regulations to ensure the security of your data. We are also dedicated to enabling you to comply with your own internal security policies.

SOC 2

Ernst & Young has audited a Service Organization Control report (SOC2 Type II) for JFrog, which will help you understand the controls that have been established to support operations and compliance at JFrog. The report is validated and updated annually and is a key document that demonstrates and evidences how JFrog achieves and maintains compliance and control objectives on an ongoing basis.

JFrog is SOC2 Type II compliant and the corresponding report is available for review upon request. To review the report, please contact privacy@jfrog.com.

PCI DSS

Credit card transactions are handled with the security measures specified in the Payment Card Industry Data Security Standard to keep your credit card information safe. A Qualified Security Assessor (QSA) evaluates JFrog's compliance with PCI DSS annually and we are currently certified for compliance with PCI DSS v3.2, SAQ A.

ISO 27001

JFrog is currently implementing processes and policies to be certified under the Information Security Management Systems standard ISO 27001, the global standard for IT security management policies. For more information regarding the implementation of ISO 27001 at JFrog, please contact privacy@jfrog.com.

GDPR AND PRIVACY @ JFROG

JFrog has taken best practice measures to ensure compliance with the European Union’s General Data Privacy Regulation (GDPR). Our compliance team has guided the way for JFrog employees worldwide to safely care for Personal Identifiable Information (PII), in accordance with the guidelines of the GDPR.

We only collect the minimal Personal Identifiable Information required for us to provide our services and to engage with the community. JFrog has established the following safeguards:

  • PII is only collected if the subject has given prior consent
  • PII is only transmitted over a public network in an encrypted format
  • PII is only accessible by authorized personnel
  • We prohibit the storage of PII on JFrog workstations, mobile devices, and portable storage devices

You can learn more about the way we handle PII in our Privacy Policy.
For any questions regarding GDPR and Privacy @ JFrog, please contact privacy@jfrog.com.

Data centers and main subcontractors

To provide the best user experience, we only engage top-tier vendors dedicated to privacy and security values and standards, including the largest cloud hosts and service providers in the market. Our vendors apply various controls to secure data, including the use of secured data centers and compliance with the strictest certifications and accreditations.

For further information see:

> Amazon Web Services (AWS)
> Microsoft Azure
> Google Cloud Platform (GCP)
> IBM Cloud (SoftLayer)
> Salesforce
> Marketo
> NetSuite

Trust @JFrog

Our SaaS products are based on a high availability architecture with no single point of failure. You can see the status of our servers at any time at:

http://status.bintray.com/

http://status.artifactoryonline.com/

For more information about compliance @JFrog, please visit our blog.