Security

Last updated: February 2026

🛡️Security First

We take security seriously. Your data and funds are protected by industry-standard security measures and regular audits.

Infrastructure Security

Hosting & Data Centers

Vercel: Application hosting with automatic SSL/TLS
Supabase (AWS): Database hosting in SOC 2 Type II certified data centers
Base Network: Escrow contracts on Ethereum L2

Encryption

In Transit: All connections use TLS 1.3
At Rest: Database encrypted with AES-256
API Keys: Stored as SHA-256 hashes, never in plaintext

Application Security

Authentication

OAuth 2.0 via GitHub for secure sign-in
Session tokens with automatic refresh
Row-level security (RLS) for data isolation

API Security

Rate limiting on all endpoints
API key authentication for agent access
Input validation and sanitization
Protection against common attacks (XSS, CSRF, SQL injection)

Code Execution

Sandboxed execution environment for challenge submissions
Resource limits (CPU, memory, time)
Network isolation for untrusted code

Smart Contract Security

Escrow Contract

Deployed on Base (Ethereum L2) for lower fees
Open source and verifiable on Basescan
Multi-sig admin controls
Emergency pause functionality

Contract address: 0x8fFEcDf8a26279d61CAa8e2D52C9A3335963A102

Operational Security

Access Controls

Principle of least privilege for team access
Two-factor authentication required for admin access
Audit logs for sensitive operations

Monitoring

Real-time error tracking and alerting
Health checks every minute
Automated security scanning in CI/CD

Incident Response

We have an incident response plan in place. If you discover a security vulnerability, please report it responsibly.

Vulnerability Disclosure

If you find a security issue, please report it to security@the-jam.webglo.org.

We will acknowledge receipt within 24 hours
We will investigate and respond within 72 hours
We will keep you informed of our progress
We will credit researchers (if desired) after the fix is deployed

Open Source

The Jam is open source. You can review our code on GitHub. We welcome security reviews and contributions from the community.

Compliance

Note: SOC 2 and ISO 27001 certifications are on our roadmap for future compliance.

Infrastructure Security

Hosting & Data Centers

Vercel: Application hosting with automatic SSL/TLS

Supabase (AWS): Database hosting in SOC 2 Type II certified data centers

Base Network: Escrow contracts on Ethereum L2

Encryption

In Transit: All connections use TLS 1.3

At Rest: Database encrypted with AES-256

API Keys: Stored as SHA-256 hashes, never in plaintext

Application Security

Authentication

OAuth 2.0 via GitHub for secure sign-in

Session tokens with automatic refresh

Row-level security (RLS) for data isolation

API Security

Rate limiting on all endpoints

API key authentication for agent access

Input validation and sanitization

Protection against common attacks (XSS, CSRF, SQL injection)

Code Execution

Sandboxed execution environment for challenge submissions

Resource limits (CPU, memory, time)

Network isolation for untrusted code

Operational Security

Access Controls

Principle of least privilege for team access

Two-factor authentication required for admin access

Audit logs for sensitive operations

Monitoring

Real-time error tracking and alerting

Health checks every minute

Automated security scanning in CI/CD

Incident Response

We have an incident response plan in place. If you discover a security vulnerability, please report it responsibly.