Trust & Compliance

Security and Compliance at JIFFYAI

Independently audited, continuously monitored, and built for the security requirements of Tier-1 financial institutions.

7+ Certifications
SOC 2 Type II Annually
ISO 42001 AI Governance — 2026
24/7 Security Monitoring
Independently Verified

Our Certifications

Every certification reflects real operational controls, not paper compliance.

SOC 2 Type II Compliance

Annual independent examination of our security, availability, and confidentiality controls. The current report is available to customers and prospects under NDA upon request.

SOC 1 Type II Compliance

Annual examination of controls relevant to customer financial reporting, demonstrating our commitment to transparency and accountability in financial processes.

ISO/IEC 27001:2022 Certification

Certified to the 2022 edition of the international standard for Information Security Management Systems — the current and most stringent version of the standard, covering our cloud infrastructure, product development, and customer data operations.

ISO 27701 Certification

Privacy extension to ISO 27001, establishing our Privacy Information Management System (PIMS). Demonstrates compliance with GDPR and global data privacy requirements for both PII Controllers and Processors.

GDPR Compliance

Compliant with the EU General Data Protection Regulation. We design our platform with data minimisation principles and have updated our Privacy Policy, Cookie Policy, and Terms of Service in alignment with GDPR requirements.

HIPAA Compliance

Aligned with US Federal standards for protecting sensitive healthcare information. Business Associate Agreements (BAAs) are available for customers in healthcare-adjacent industries.

In Progress

ISO 42001 — AI Management System

JIFFYAI is among the first enterprise automation SaaS providers to pursue ISO 42001 — the world's first international standard for AI governance. Implementation is complete with a certification audit scheduled for August 2026.

In Progress

CSA STAR — Cloud Security

JIFFYAI has submitted the Cloud Security Alliance STAR self-assessment, with our registry listing in progress. CSA STAR provides cloud-specific transparency beyond ISO 27001, addressing shared responsibility and data residency controls.

AI Governance

Enterprise-grade AI you can trust

As AI becomes a core component of enterprise automation, JIFFYAI has built a formal AI governance programme aligned to ISO 42001. Every AI model on the platform runs through AWS Bedrock with Guardrails enabled — and customer data is never used to train or improve any AI model.

AWS Bedrock
Bedrock Guardrails
Prompt injection controls
Immutable AI audit logs
Human oversight controls
No training on customer data

ISO 42001 AI Management System

Formal AI risk assessments, AI Impact Assessments, and supplier accountability for all external AI providers.

Human oversight, always on

All consequential AI actions require human review and approval. No AI operates autonomously without a defined oversight gate.

Immutable AI audit trail

Every AI interaction — input, output, model version, and timestamp — is logged and retained for compliance review.

Data Protection

Your data stays yours

JIFFYAI acts as a data processor for customer data. We do not sell, share, or monetise your data. Customer data is hosted in designated AWS regions, encrypted at rest with AES-256 and in transit with TLS 1.3, with per-customer encryption keys.

Transparency

Sub-processors

We maintain a public list of every third-party sub-processor that may access customer data — including cloud providers, AI model providers, and operational tools. The list is updated whenever material changes are made.

