Security — Jeramyl

Overview

Your financial data is sensitive. We take that seriously. This page describes the security measures Jeramyl has in place to protect your business data and personal information.

We build on trusted, battle-tested infrastructure and follow security best practices throughout development and operations.

Encryption at rest

Data is encrypted at rest and in transit using industry-standard encryption provided by our infrastructure.

TLS in transit

All connections use TLS 1.2+ with HTTPS enforced across all endpoints.

Row-level security

Database policies ensure your data is only accessible by your account.

Secure Authentication

Passwords are never stored in plain text. Authentication uses secure hashing and JWT sessions.

Infrastructure

Jeramyl is hosted on secure, modern cloud infrastructure with encryption, access controls, and environment isolation. Application code runs in isolated serverless functions with DDoS protection, TLS termination, and edge caching.

HTTPS is enforced on all domains — HTTP requests are redirected automatically.
Production and development environments are fully isolated.
Environment variables and secrets are managed securely and never exposed in client-side code.

Data Protection

Encryption at rest

All database data and file storage is encrypted at rest using AES-256.

Encryption in transit

All connections between clients, the application, and backend services use TLS 1.2 or higher.

Backups

Automated database backups are maintained by our infrastructure providers. Uploaded files are durable across availability zones.

Data isolation

Row-level security (RLS) is enabled on all database tables. Queries from one user cannot return another user's data.

Access Control

Access to production systems is restricted to Jeramyl's core engineering team. We follow the principle of least privilege — no one has more access than they need.

No Jeramyl employee has routine read access to individual user financial records.
Admin access to production databases is gated and logged.
Passwords are hashed using a secure algorithm. Jeramyl never stores plaintext passwords.
Session tokens expire and are rotated securely.

AI Processing

Jeramyl uses a trusted AI inference provider to process receipts, suggest transaction categories, and generate business insights. When you upload a receipt or request an AI report, relevant data is sent over an encrypted connection.

We send only the minimum data required for each task. We do not send your full transaction history for single-document operations.

AI data processing is handled by third-party providers that are required to protect your data in accordance with their own privacy policies.

Payment Security

Payments for Jeramyl are processed securely by Paddle, our Merchant of Record.

Paddle maintains:

PCI-compliant payment infrastructure
Fraud detection systems
Secure payment processing

Jeramyl does not store or process full payment card details.

Incident Response

If we detect or are notified of a security incident that affects user data, we will:

Investigate and contain the incident promptly.
Notify affected users by email within 72 hours of confirming a breach that exposes personal data.
Describe the nature of the breach, data affected, and steps taken.
Take corrective action to prevent recurrence.

Responsible Disclosure

If you discover a security vulnerability in Jeramyl, we ask that you report it responsibly rather than disclosing it publicly before we've had a chance to address it.

Report security vulnerabilities to: support@jeramyl.com. We will acknowledge receipt within 48 hours and work to resolve valid reports promptly.

We ask that you:

Give us reasonable time to investigate and fix the issue before public disclosure.
Avoid accessing or modifying other users' data without permission.
Not perform denial-of-service attacks or automated scanning at scale.

We appreciate responsible disclosure and will acknowledge contributors who follow these guidelines.

Security at Jeramyl