
Security is a feature, not an afterthought

VPC deployment, BYOK encryption, 24,000+ automated tests, five compliance frameworks, and a responsible disclosure policy. Security is built into every layer of JieGou.

SOC 2 Audit Status

SOC 2 Type II audit preparation in progress with Advantage Partners via Vanta. Continuous compliance monitoring active.

Penetration Test

Scheduling with certified vendor.

SOC 2 Type II

Readiness phase with Advantage Partners.

Observation Window

3–12 month period — starts after readiness confirmed.

17 compliance policies completed and approved
Continuous monitoring via Vanta

Infrastructure Security

Enterprise-grade infrastructure from day one

JieGou deploys inside your VPC with full network isolation. All traffic is encrypted in transit with TLS 1.3, and all data at rest uses AES-256-GCM encryption. We conduct regular penetration testing and publish the results to enterprise customers.

  • AWS VPC with private subnets
  • TLS 1.3 for all traffic
  • AES-256-GCM encryption at rest
  • Regular penetration testing

Application Security

24,000+ tests. 99.18% coverage. Every night.

Our test suite runs over 24,000 automated tests with a 99.18% code coverage threshold. Nightly adversarial regression testing catches regressions before they reach production. Dependency vulnerability scanning runs on every commit and PR.

  • 24,000+ automated tests
  • 99.18% code coverage threshold
  • Nightly adversarial regression testing
  • Dependency vulnerability scanning

Data Security

Your keys, your data, your rules

Bring Your Own Key (BYOK) encryption means your LLM API keys are encrypted with AES-256-GCM using your own encryption key. Configure data residency controls to keep data in specific regions. Automatic PII detection and redaction prevents sensitive data from reaching LLM providers. Field-level encryption gives you granular control.

  • BYOK encryption (AES-256-GCM)
  • Configurable data residency controls
  • Automatic PII detection and redaction
  • Field-level encryption options
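The BYOK and field-level encryption described above boil down to one pattern: each sensitive field (such as an LLM API key) is sealed with AES-256-GCM under a key the customer supplies, and the ciphertext is bound to the tenant and field it belongs to so it cannot be replayed elsewhere. The following is an added example in Go and is not JieGou's code; the stored blob layout (nonce || ciphertext || tag), the associated-data layout, the function names and the constructed demo key are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Field-level AES-256-GCM encryption under a customer-supplied (BYOK) key.
// Added example, not JieGou's implementation; blob and AAD layouts are assumptions.

const keySize = 32 // AES-256 requires a 32-byte key

// Constructed 32-byte demo key. A real BYOK key would be fetched from the
// customer's KMS at runtime and never appear in source code.
var demoTenantKey = []byte("0123456789abcdef0123456789abcdef")

// aad builds the associated data that binds a ciphertext to one tenant and one
// field. GCM authenticates it, so a blob stored for "llm_api_key" cannot be
// swapped into "webhook_secret" or into another tenant's row without failing.
func aad(tenantID, fieldName string) []byte {
	return []byte(tenantID + "\x00" + fieldName)
}

// newGCM rejects keys of the wrong length instead of silently using a weaker mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("BYOK key must be %d bytes, got %d", keySize, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField returns nonce || ciphertext || tag. A fresh random nonce per call
// is mandatory: reusing a nonce under the same GCM key breaks both confidentiality
// and integrity.
func EncryptField(key []byte, tenantID, fieldName string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce, giving the stored blob layout.
	return gcm.Seal(nonce, nonce, plaintext, aad(tenantID, fieldName)), nil
}

// DecryptField splits the blob, verifies the tag over ciphertext and AAD, and
// returns the plaintext. Any key, tenant, field or ciphertext mismatch is an error.
func DecryptField(key []byte, tenantID, fieldName string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad(tenantID, fieldName))
}

func main() {
	apiKey := []byte("sk-demo-not-a-real-key") // constructed sample secret
	blob, err := EncryptField(demoTenantKey, "tenant-a", "llm_api_key", apiKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob: %x\n", blob)

	pt, err := DecryptField(demoTenantKey, "tenant-a", "llm_api_key", blob)
	fmt.Printf("same tenant/field: %q err=%v\n", pt, err)

	// Same key, same blob, but presented as a different field: the tag check fails.
	_, err = DecryptField(demoTenantKey, "tenant-a", "webhook_secret", blob)
	fmt.Println("replayed into another field:", err)
}
```

The design choice worth noting is the associated data: encrypting each field independently is not enough on its own, because an attacker with write access to the datastore could move a valid ciphertext between rows or columns. Including the tenant ID and field name in the AAD makes such a move fail authentication at decrypt time, and a key-rotation job can re-seal rows under a new customer key by calling DecryptField then EncryptField with the same AAD.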

Compliance

Five frameworks. One platform.

JieGou ships compliance presets for the frameworks your industry requires. Enable HIPAA, SOX, GDPR, or PCI-DSS compliance with a single toggle that configures data retention, access controls, audit logging, and encryption settings. FedRAMP-ready configuration is available for government customers.

  • HIPAA compliance preset
  • SOX compliance preset
  • GDPR compliance preset
  • FedRAMP-ready configuration

Vulnerability Disclosure

Responsible disclosure, transparent communication

We maintain a responsible disclosure policy and encourage security researchers to report vulnerabilities. We acknowledge all reports within 48 hours, issue CVEs for confirmed vulnerabilities, and publish quarterly security reviews for transparency.

  • security@jiegou.ai for reports
  • 48-hour acknowledgment SLA
  • CVE issuance for confirmed vulnerabilities
  • Quarterly security review publication
  • Responsible disclosure policy

Industry Alert

Why self-hosted doesn't mean secure

The open-source automation platform n8n disclosed 21+ security vulnerabilities in February 2026 — including 7 critical (CVSS 9.4–10.0) and 4 independent remote code execution vectors. Most critically, CVE-2026-25049 bypasses a December 2025 sandbox fix within 3 months — proving the issues are architectural, not patchable. National cybersecurity agencies — Singapore CSA and Canadian CCCS — have issued formal advisories. Censys identified 26,512 exposed n8n instances on the public internet.

  • 26,512: exposed n8n instances (Censys)
  • 21+: CVEs in February 2026 (7 critical)
  • 4: independent RCE attack vectors
  • 0: JieGou known CVEs

JieGou's hybrid model: the best of both worlds

Self-hosted risks

  • 3 independent RCE vectors (expression, SQL, task runner)
  • Government advisories (Singapore CSA, Canadian CCCS)
  • SSO bypass, SQL injection, webhook forgery
  • No SOC 2, basic RBAC, no audit logging

JieGou hybrid deployment

  • VPC execution + cloud control plane
  • SOC 2 Type II preparation via Vanta, 17 compliance policies
  • 6 roles, 20 granular permissions, SAML/OIDC
  • 30+ audit action types, GDPR data export/deletion

Data as of February 2026

Ready to automate with confidence?

JieGou gives you enterprise-grade security without the enterprise-grade setup. Start free or talk to our team about compliance requirements.