Ernst young has audited a Service Organization Control Report (SOC2 Type II) for JFrog which will help you understand the controls that have been established to support operations and compliance at JFrog. The report is validated and updated annually and is a key document that demonstrates and evidences the ways that JFrog achieves and maintains compliance and controls objectives, on an ongoing basis.
JFrog is SOC2 Type II compliant and the corresponding report is available for review upon request. to review the report, please contact email@example.com.
Credit card transactions are handled with the security measures specified in the Payment Card Industries Data Security Standard to keep your credit card information safe. A Qualified ecurity Assessor (QSA) evaluates JFrog compliance with PCI DSS annually and we are currently certified for compliance with PCI DSS v3.2, SAQ A.
JFrog is certified under the Information Security Management Systems standard ISO 27001, the global standard for IT security management policies. ISO 27001 is designed to cover much more than just IT – it is a framework of policies and procedures that includes people, processes and IT systems by applying a risk management process. For more information regarding the certification of ISO 27001 at JFrog, please contact firstname.lastname@example.org.
GDPR, CCPA AND PRIVACY @ JFROG
JFrog has taken best practice measures to ensure compliance with the European Union’s General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our compliance team has guided the way for JFrog employees worldwide to safely care for Personal Identifiable Information (PII), in accordance with the guidelines of the GDPR and the CCPA.
We only collect the minimal Personal Identifiable Information required for us to provide our services and to engage with the community. JFrog has established the following safeguards:
- PII is only collected if the subject has given prior consent
- PII is only transmitted over a public network in an encrypted format
- PII is only accessible by authorized personnel
- We prohibit the storage of PII on JFrog workstations, mobile devices, and portable storage
Data centers and main subcontractors
To provide the best user experience, we only engage top-tier vendors dedicated to privacy and security values and standards, including the largest cloud hosts and service providers in the market. Our vendors apply various controls to secure data including the use of secured data centers and compliance with the strictest certifications and accreditations.
For further information see: