Security
Built for the data you can’t afford to lose.
Claims work involves PII, PHI, and privileged correspondence. Jarel is designed from the ground up to handle it — with the controls your compliance team will actually approve.
Compliance roadmap
Honest about where we are.
We show our certifications with their actual status — compliant, in progress, or planned. No badge-washing.
Security practices
The guarantees behind the roadmap.
Never used to train models
Your documents, prompts, and generated content are never used to train any model — ours or a provider's. Zero-retention agreements with every LLM vendor in our chain.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest. Bring-your-own-key (BYOK) available for enterprise plans. Database and object storage fully encrypted.
Regional data residency
Pick where your data lives: United States, European Union, or United Kingdom. Cross-region replication only with explicit opt-in.
Zero-trust architecture
Every request is authenticated, authorized, and audited. SSO, MFA, device binding, and IP allow-listing on enterprise plans.
Tamper-evident audit logs
Every read, write, and AI call is logged in a hash-chained audit trail. Verify log integrity end-to-end, at any time.
Tested under attack
Semi-annual third-party penetration tests with an assume-breach methodology. Responsible disclosure program for independent researchers.
Transparency
Every vendor in our chain.
We publish our subprocessor list and notify customers in advance of any changes.
Request full list

| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Hosting & edge | US / EU |
| Vercel AI Gateway | Model routing | US / EU |
| Anthropic | LLM provider | US |
| OpenAI | LLM fallback | US |
| Supabase | Database & storage | US / EU / UK |
| Sentry | Error monitoring | US / EU |
Questions about security?
We share our security posture, compliance roadmap, DPAs, and BAAs with prospects under NDA. Get in touch.