Security

Healthcare-grade security for institutional deployments. Detailed security documentation is available on request for institutional evaluation.

Infrastructure & Hosting

Jamie runs entirely on AWS ca-central-1 (Montreal, Canada). All services operate within the Canadian region. Data at rest is encrypted using AES-256. Data in transit uses TLS 1.2+. Static assets are served via a content delivery network. API traffic does not pass through the CDN.

Access Controls

Authentication uses the SRP (Secure Remote Password) protocol. Passwords are never transmitted in plaintext. Enterprise SSO is supported for institutional deployments. Role-based access controls limit data exposure by organizational role. Session tokens have defined expiry. All access events are logged.

Data Handling

Personal health information is stored in Canada. Session data is handled on a session basis and is not retained beyond operational requirements. Jamie does not use patient health data for AI model training. De-identified, aggregated data may be used for service improvement.

Incident Response

We maintain an incident response process for security events. In the event of a breach affecting personal health information, we will notify affected parties in accordance with applicable Canadian privacy legislation (PIPEDA and provincial equivalents). Security incidents can be reported to security@jamieapp.com.

Responsible Disclosure

We operate a responsible disclosure program. If you have identified a security vulnerability in the Jamie platform, please contact security@jamieapp.com with a description of the issue. We ask for responsible disclosure — 90 days for remediation before public disclosure. We will acknowledge your report within 5 business days.