JINZO  ·  Security

Security & Trust

Last updated: May 11, 2026

JINZO provides supply chain infrastructure for semiconductor companies. Our customers trust us with sensitive operational data — wafer allocations, yield metrics, supplier relationships, export classifications, and cost structures. We treat the security and confidentiality of that data as a core product requirement.

This page describes how we protect your data today. Where a control is planned but not yet in place, we say so explicitly.

1. Infrastructure

1.1 Hosting

JINZO's backend services are hosted on SOC 2 Type II certified cloud infrastructure in the US West (Oregon) region. Infrastructure-level security controls include physical security, network isolation, and host hardening.

1.2 Encryption

All data transmitted between your browser and our services is encrypted using TLS 1.2 or higher. Data stored in our database is encrypted at rest using AES-256. Database backups are also encrypted.

1.3 Network Security

Our application is served behind a web application firewall (WAF) with DDoS mitigation and bot management. Public-facing forms use challenge-based bot protection to prevent automated abuse.

2. Application Security

2.1 Authentication & Access Control

API endpoints are protected with JWT-based authentication. Row-level security (RLS) policies are enforced at the database level, ensuring that users can only access data belonging to their tenant. Serverless functions run with scoped permissions following the principle of least privilege.

2.2 Input Validation

All user-submitted data is validated and sanitized server-side before processing or storage. We enforce length limits, type checks, and allowlist validation on structured fields such as role categories, revenue bands, and form inputs.

2.3 Secrets Management

API keys and service credentials are stored as encrypted environment variables and are never committed to source code or exposed to client-side code. Publishable keys are scoped to read-only operations with RLS enforcement.

3. Data Handling

3.1 Data Residency

Customer data is stored in AWS US West (Oregon). We do not transfer customer data outside the United States unless explicitly requested and agreed upon by the customer.

3.2 Data Retention & Deletion

We retain customer data for the duration of the customer relationship. Upon account termination, customer data is deleted within 30 days. Encrypted backups are retained for disaster recovery purposes and are purged on their regular rotation schedule. See our Privacy Policy for detailed retention periods by data category.

3.3 No Data Sales

JINZO does not sell, rent, or share customer data with third parties for marketing or advertising purposes. Customer data is used solely to provide and improve the JINZO platform.

4. Organizational Security

All team members are required to use strong, unique passwords and enable multi-factor authentication on all services with access to customer data or production systems.

Access to production systems follows the principle of least privilege and is reviewed regularly. Access is revoked immediately upon role change or departure.

5. Incident Response

We maintain an incident response process for security events. In the event of a confirmed data breach affecting customer data, we will:

• Notify affected customers within 72 hours of confirmation
• Provide a clear description of the incident, data affected, and remediation steps
• Cooperate with customer security teams during investigation
• Conduct a post-incident review and implement preventive measures

6. Business Continuity

Our database is backed up automatically on a daily basis with point-in-time recovery capability. Backups are encrypted and stored in a separate availability zone from the primary database.

7. Responsible Disclosure

If you believe you have discovered a security vulnerability in JINZO, please report it responsibly. Email security@jinzo.co with a description of the vulnerability and steps to reproduce it.

We ask that you give us reasonable time to investigate and address the issue before any public disclosure. We will not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices.

8. Contact

For security-related questions or to report a concern:

JINZO Co.
Security: security@jinzo.co
General: contact@jinzo.co
Website: jinzo.co