Security & trust
Security designed for regulated industries.
Jupiter is built for organisations that take data protection seriously: financial services, healthcare, public sector. Here’s how we earn that trust.
Encryption
All data encrypted in transit (TLS 1.2+) and at rest (AES-256). Per-tenant keys for Enterprise customers.
Data residency
EU (Frankfurt) by default. UK-only residency available on Enterprise. No data leaves the region you select.
SOC 2 Type II
In progress (target Q4 2026). Annual penetration testing by an independent firm available on request under NDA.
GDPR & UK DPA
Jupiter acts as data processor. Our DPA is signed by every customer at contract. Right-to-erasure handled in under 30 days.
Access controls
SSO (SAML / OIDC) and SCIM provisioning on Business and Enterprise. Granular role-based access control. Audit logs of every administrative action.
Vulnerability disclosure
Responsible disclosure to security@m42k.com. We acknowledge within one business day and patch critical issues within seven.
Subprocessors
We use a limited set of subprocessors. All process data within the regions stated below.
| Subprocessor | Purpose | Data location |
|---|---|---|
| AWS | Application hosting & storage | EU (Frankfurt) / UK (London) |
| Cloudflare | CDN, DDoS protection, edge compute | Global edge / EU origin |
| Resend | Transactional email | EU (Dublin) |
| Anthropic | AI inference (course generation) | EU (Frankfurt) |
| Sentry | Error monitoring | EU (Frankfurt) |
Compliance & certifications
ISO 27001 controls implemented (certification in progress)
SOC 2 Type II audit in progress (target Q4 2026)
Cyber Essentials Plus certified
UK Data Protection Act 2018 compliant
EU GDPR compliant
Privacy-by-design principles applied across all features
Incident response
We commit to notifying affected customers within 72 hours of confirming a security incident that impacts their data, in line with UK GDPR. Our incident playbook is reviewed quarterly.
Suspect a vulnerability? Email security@m42k.com — we acknowledge within one UK business day.
Security documentation
Need our security questionnaire or DPA on file?
Send us a request and we'll turn it around within 48 hours.