Security & Data Protection
How we protect your digital estate information
🔒 Encryption at Rest
All your data is encrypted using industry-standard AES-256-GCM encryption before being stored in our database. This is the same encryption standard used by banks and government agencies.
Every piece of sensitive information—from vault items to contact details—is encrypted before it touches our database. Even if someone gained unauthorized access to our servers, your data would be unreadable without the encryption keys.
🔑 Unique Vault Keys
Each vault has its own unique Data Encryption Key (DEK), ensuring complete isolation between users. Your vault's encryption key is wrapped with a master key and never stored in plain text.
This means your data is protected by multiple layers of encryption. Even if one key were compromised, your specific vault data would remain secure behind its own unique encryption key.
🛡️ Multi-Layer Security
We implement defense-in-depth security with multiple layers of protection:
- Authentication: Secure user authentication via Clerk, with support for multi-factor authentication
- Authorization: Ownership verification on every single request—you can only access your own data
- Encryption: All sensitive data encrypted before storage using AES-256-GCM
- Audit Logs: Complete history tracking of all changes with timestamps and details
Every request flows through authentication, authorization, and encryption layers before reaching your data.
🚫 What We Don't Store
JumpPoint Legacy is not a password manager. We never store passwords to your external accounts.
Your vault focuses on documentation, beneficiary information, and executor-friendly instructions. We store account identifiers, platform names, and your wishes—but never the passwords themselves.
This design choice means that even in the worst-case scenario, your actual account credentials remain secure in your password manager of choice.
📋 Vault History & Audit Trail
Every change to your vault items and contact details is logged with timestamps and change details. This provides a complete audit trail for accountability and transparency.
You can see:
- When each item was created, updated, or deleted
- What changed in each update
- Complete history of your contact details modifications
- Timestamps for all estate packet saves
This audit trail helps you track changes over time and provides evidence of your estate planning activities.
🔐 Secure Key Management
Our encryption keys are managed with industry best practices:
- Master Key: Stored securely in environment variables, never in code or database
- Data Encryption Keys (DEKs): Generated randomly for each vault using cryptographically secure methods
- Key Wrapping: DEKs are encrypted with the master key before storage
- Key Rotation: Support for key versioning and rotation without data loss
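The key hierarchy described above (a random per-vault DEK, wrapped with a versioned master key, rotated without re-encrypting data), sketched as an added example in Node.js; it is not JumpPoint Legacy's code. All function and field names are hypothetical, the master keys are constructed in memory rather than read from an environment variable, and binding each ciphertext to its vault ID as AES-GCM associated data is an assumption of this sketch, not something the page states.

```javascript
// Added example: envelope encryption with AES-256-GCM (Node.js built-in crypto).
const crypto = require('node:crypto');

// Encrypt with AES-256-GCM using a fresh 96-bit nonce per call. `aad` binds
// the ciphertext to its context (assumption: the vault id).
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt and authenticate; final() throws if key, AAD, or ciphertext is wrong.
function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Constructed master keys indexed by version (hypothetical; a real deployment
// would load the current one from its secret store or environment).
const masterKeys = { 1: crypto.randomBytes(32), 2: crypto.randomBytes(32) };

// Create a vault: the random DEK is only ever stored in wrapped form.
function createVault(vaultId, version) {
  const wrappedDek = seal(masterKeys[version], crypto.randomBytes(32), vaultId);
  return { vaultId, keyVersion: version, wrappedDek, items: [] };
}

function unwrapDek(vault) {
  return unseal(masterKeys[vault.keyVersion], vault.wrappedDek, vault.vaultId);
}

function addItem(vault, text) {
  vault.items.push(seal(unwrapDek(vault), Buffer.from(text, 'utf8'), vault.vaultId));
}

function readItem(vault, i) {
  return unseal(unwrapDek(vault), vault.items[i], vault.vaultId).toString('utf8');
}

// Rotation: re-wrap the DEK under the new master key version.
// Item ciphertexts are untouched, so no vault data is re-encrypted.
function rotate(vault, newVersion) {
  vault.wrappedDek = seal(masterKeys[newVersion], unwrapDek(vault), vault.vaultId);
  vault.keyVersion = newVersion;
}
```

Because only the wrapped DEK changes during rotation, the cost is one small re-encryption per vault regardless of how much data the vault holds.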
⚠️ Account Deletion
You can delete your account at any time. When you delete your account, all your data is permanently removed from our system, including:
- Your vault and all vault items
- Contact details and personal information
- Vault history and audit logs
- Saved estate packets and documents
- All encryption keys associated with your account
We believe in your right to be forgotten. When you delete your account, it's truly gone—not just marked as deleted, but completely removed from our systems.
🌍 Privacy-First Approach
We follow a privacy-first, minimal access approach. Your data belongs to you, and we provide the tools to manage, export, or delete it at any time.
Our principles:
- Data Minimization: We only collect what's necessary for the service
- User Control: You can view, export, or delete your data anytime
- Transparency: Clear documentation of what we store and how we protect it
- No Selling: We never sell your data to third parties
- No Ads: We don't use your data for advertising
🔍 Security Best Practices
We follow industry security best practices:
- HTTPS Only: All connections use TLS encryption
- Secure Headers: Content Security Policy, HSTS, and other security headers
- Input Validation: All user input is validated and sanitized
- SQL Injection Protection: Parameterized queries via Prisma ORM
- XSS Protection: React's built-in XSS protection
- CSRF Protection: Token-based CSRF protection on all forms
📞 Security Questions?
If you have questions about our security practices or want to report a security issue, please contact us:
DataFuse (Pty) Ltd
Address: 19 Heron Drive, Three Rivers East, Vereeniging, 1929, South Africa
Email: admin@jumppointlegacy.com
Phone: +27 82 556 5295 / +27 82 572 9032
For Security Issues: Please report responsibly via email with "Security" in the subject line.
We take security seriously and appreciate responsible disclosure of any potential vulnerabilities.
