Security

We design Jetstream with security in mind, from intake to notifications.

Data protection

• Transport security: All pages and APIs enforce HTTPS.
• Email security: SPF/DKIM/DMARC alignment supported for your domain.
• Access controls: Role-based access with least-privilege defaults.
• Auditability: Item history includes time, user, and action logs.
• Data segregation: Per-center configuration and isolated mail flows.

Application security

• Input validation and sanitization on all forms.
• Spam mitigation via honeypot and server-side checks.
• Secrets handled via environment variables (not embedded in code).
• Session hardening on admin tools with CSRF protection.

Operational security

• Backups of configuration and templates.
• Principle of least privilege for SMTP and admin credentials.
• Secure hosting with regular patching and TLS renewal.

Questions or a security package for review? Email hello@idmetech.com.