Overview
Your financial data is sensitive. We take that seriously. This page describes the security measures Jeramyl has in place to protect your business data and personal information.
We build on trusted, battle-tested infrastructure and follow security best practices throughout development and operations. No system can be guaranteed completely secure, but we use reasonable safeguards and continuously improve our protections.
Infrastructure
Jeramyl is hosted on secure, modern cloud infrastructure with encryption, access controls, and environment isolation. Application code runs in isolated serverless functions with DDoS protection, TLS termination, and edge caching.
- HTTPS is enforced on all domains — HTTP requests are redirected automatically.
- Production and development environments are fully isolated.
- Environment variables and secrets are managed securely and never exposed in client-side code.
Data Protection
Data is encrypted at rest using industry-standard encryption provided by our infrastructure providers.
All connections between clients, the application, and backend services use TLS 1.2 or higher.
Automated database backups are maintained by our infrastructure providers, and uploaded files are stored in their durable, access-controlled storage.
Row-level security and application-level access controls help ensure users can only access data they are authorized to view.
Access Control
Access to production systems is restricted to Jeramyl's core engineering team. We follow the principle of least privilege — no one has more access than they need.
- Jeramyl personnel do not access individual business records except when required for support, security, debugging, legal obligations, or incident response.
- Admin access to production systems is restricted and logged.
- We use safeguards such as rate limiting, access checks, monitoring, and account suspension to help prevent abuse and unauthorized access.
- Passwords are hashed using a secure algorithm. Jeramyl never stores plaintext passwords.
- Session tokens expire and are rotated securely.
AI & OCR Processing
Jeramyl uses OCR and AI tools to help you capture and understand your financial data.
- OCR scanning: When you scan a receipt, the image is processed temporarily to extract text. The original image is not retained after extraction unless you explicitly attach it to a saved transaction, bill payment, or invoice payment.
- AI processing: Extracted text and relevant transaction details may be sent to AI tools to suggest fields such as vendor, date, amount, category, and description. AI providers receive only the data needed to perform the requested task. Original receipt images are not sent to AI providers.
- Data minimization: We send only the minimum data required for each task. We do not send your full transaction history for single-document operations.
- AI accuracy: AI-generated results — including categorizations, summaries, and insights — should be reviewed by the user before relying on them.
AI and OCR processing is handled by trusted third-party providers that are required to protect your data in accordance with their own privacy and security policies.
Payment Security
Payments for Jeramyl are processed securely by Paddle, our Merchant of Record.
Paddle maintains:
- PCI-compliant payment infrastructure
- Fraud detection systems
- Secure payment processing
Jeramyl does not store or process full payment card details.
Incident Response
If we confirm a security incident that affects user data, we will:
- Investigate and contain the incident promptly.
- Notify affected users without undue delay and in accordance with applicable law.
- Describe the nature of the incident, data affected, and steps taken where we are able to do so.
- Take corrective action to prevent recurrence.
Responsible Disclosure
If you discover a security vulnerability in Jeramyl, we ask that you report it responsibly rather than disclosing it publicly before we've had a chance to address it.
Report security vulnerabilities to: support@jeramyl.com. We will acknowledge receipt within 48 hours and work to resolve valid reports promptly.
We ask that you:
- Give us reasonable time to investigate and fix the issue before public disclosure.
- Avoid accessing or modifying other users' data without permission.
- Not perform denial-of-service attacks or automated scanning at scale.
We appreciate responsible disclosure. We may acknowledge valid reports at our discretion.