This security statement applies to the products, services, websites and apps, collectively referred to as “Services” offered by Jubile Tech Incubator Ltd., a Venture Capital and Software Development company UK Limited Company with registration number 14363692 and official address Kemp House, 160 City Road, EC1V2NX, London, United Kingdom (collectively, “Jubile” / "Jubile Startup Builder" / "Jubile Tech Incubator" / “we” / “our” / “us”). We value the trust that you place in us by letting us act as custodians of your data and take our responsibility to protect and secure your information responsively and aim for complete transparency around our security practices.
We encrypt your data in transit using secure TLS cryptographic protocols. All connections to our services are via TLS 1.1 and above and we support forward secrecy and AES-GCM. We prohibit insecure connections, as well as secure connections attempting to use TLS 1.0 and below or RC4, as these are widely considered to also be insecure. Protocols and Cipher Suites for encryption used by our services are regularly reviewed to be in line with industry best practices.
Our services are hosted in the UK with our servers benefitting from hardware and software firewall protection located in ultra-secure, ISO 27001 accredited data centres. The infrastructure our servers are on is monitored and maintained on a 24-7-365 basis with regular threat scans and analysis as well as penetration testing on core infrastructure. Encrypted backups are taken nightly of all data to an alternative UK based data centre location with backups being stored for up to six months. Access to our servers is heavily limited and restricted, only available from specific locations and connections with privileges granted on a need to know basis, with least privileges required.
Our development teams strive to adhere to best practices and secure coding techniques. Including, but not limited to, using the highly regarded OWASP Top Ten as the most effective guide to critical security risks for web applications. We run and maintain separate environments for development, testing and production. Updates are not made available to the production environment without first going through development and testing environments. We make use of a GIT revision control system to maintain the source code for services which allows for tracking of and reviews of all code changes before deployment to any environment. This also allows us the ability to select important and critical updates and accelerate them to our production servers. Access to source code is maintained on a need to know basis with least privileges required.
Our services and infrastructure have multiple levels of logging and audit information systems in place for both security and quality of service purposes. Our logs are actively monitored and analysed for abnormal pattern and unauthorised access attempts, as well as to maintain performance levels and in support of troubleshooting efforts. Access to this information is strictly limited and where possible only retained for up to 6 months.
All emails that are sent from our services use Microsoft Outlook with enterprise security layers, ensuring the best overall security communication protocols. We can guarantee that all emails leaving our services are free from viruses and spyware, however as messages are then relayed through multiple further servers to reach the intended recipient, we would recommend that as with all emails, they are scanned upon arrival to a company network. This will be the case for any email from any user to any network and all providers should scan email before delivering to a user account.
We provide our clients with control of their own users and their data. As such it is important for clients and their users to practice good security practices by using strong account passwords and where necessary, restricting user accounts access and permissions to aid in keeping your data secure. We can guarantee that all emails leaving our services are free from viruses and spyware, however as messages are then relayed through multiple further servers to reach the intended recipient, we would recommend that as with all emails, they are scanned upon arrival to a company network. This will be the case for any email from any user to any network and all providers should scan email before delivering to a user account.
Since Privacy by Design is one of our core values, we conduct regular privacy and security policy assessments with reputable legal and security experts. Every assessment cycle takes place regularly on a yearly basis and also before releasing any major piece of functionality in order to maintain the highest security standards.
If you have any questions or concerns about your privacy, security and data protection in relation to the use of Jubile's Website, Product or Services please contact our privacy officer:
If you desire to print this document, please use the keyboard shortcut Ctrl + P (for Windows) or Command + P (for macOS) to start the print process; all modern browsers support this operation.
