menu
Active Policy

Privacy & Data Sovereignty Policy

Version 4.2

Last Updated: October 24, 2025

Effective Date: November 1, 2025

01. Introduction

At Jedra, we provide government-grade technology solutions with an unwavering commitment to privacy, security, and data sovereignty. In a landscape where information is the most critical asset, we understand that trust is the foundation of our partnership with public sector entities and enterprise clients.

This policy outlines how we handle sensitive information within our secure infrastructure. Unlike consumer-grade platforms, our architecture is built from the ground up to serve the rigorous demands of national security, defense, and critical infrastructure sectors.

02. Data Sovereignty

public_off

Strict Geo-Fencing

Jedra guarantees that all client data is stored, processed, and backed up exclusively within the national borders of the client's origin unless explicitly authorized. We reject any claim to data ownership and design our systems to resist extraterritorial data requests.

We provide Data Residency Controls that allow administrators to pin data to specific physical data centers. This ensures compliance with local data protection laws that mandate domestic storage of citizen information.

03. Government Compliance

Our platform is continuously monitored and audited to maintain compliance with the highest international and federal standards.

security

FedRAMP High

Authorization for protecting the federal government's most sensitive unclassified data in cloud computing environments.

policy

GDPR & CCPA

Comprehensive framework supporting data subject rights, privacy by design, and the right to be forgotten.

verified_user

ISO 27001

International standard for Information Security Management Systems (ISMS) ensuring systematic risk management.

health_and_safety

HIPAA Compliant

Safeguards for protected health information (PHI) ensuring confidentiality and availability.

04. Data Collection

We operate on a principle of minimal necessity. We strictly separate Customer Content (your data) from Service Metadata (system logs).

  • No Content Mining We do not access, analyze, or use Customer Content for product improvement, marketing, or training public AI models. Your data remains an opaque box to us.
  • Operational Telemetry We collect basic telemetry (CPU usage, API latency, error rates) solely to maintain service reliability and uphold SLAs.

05. Secure Handling

Our security posture assumes a "Zero Trust" environment. Every access request is fully authenticated, authorized, and encrypted before granting access.

Security Layer Standard Applied
Data at Rest AES-256 Encryption (FIPS 140-2 Validated)
Data in Transit TLS 1.3 with Perfect Forward Secrecy
Key Management Hardware Security Modules (HSM) / BYOK Support
Access Control Role-Based Access Control (RBAC) + MFA

06. User Rights

You retain full rights to your data. At any time, authorized administrators can:

Export Data Request Deletion Audit Access Logs Manage Encryption Keys

For specific data subject requests or to escalate a privacy concern, please contact our Data Protection Officer at privacy@jedra.net.