Security & compliance

Security built to pass enterprise procurement

We build for regulated and enterprise clients – luxury retail, automotive, logistics, payments. That means security is not a feature we add at the end; it is how we host, build and operate every project. Here is how we protect your data and your customers.

Request our security overview
At a glance

Independently assessed, built on compliant infrastructure

  • CyberGRX Tier 2Cyber-risk Index 85 — “Very Strong”
  • PCI-compliant AWSPayment-grade hosting
  • Ministry of Finance clearedCash-machine embedded software
  • GDPR & APPIEU & Japan privacy compliant
  • TLS 1.3 everywhereHSTS, encryption in transit
How we protect data

Security at every layer, by default

Hardened infrastructure

PCI-compliant AWS hosting, isolated environments, a web application firewall and automated IP banning (fail2ban) on every site we operate.

Encryption in transit & at rest

TLS 1.3 with HSTS on every page, encryption at rest for stored data, and GPG-encrypted file exchange for sensitive customer datasets.

Access control

Role-based access, two-factor authentication and least-privilege accounts. People and systems only reach the data they actually need.

Secure development

Code review, dependency management and OWASP-aware practices – input validation, output escaping, parameterised queries – baked into how we build.

Backups & resilience

Redundant backups with offsite cold storage, so a failure or ransomware event never means lost data. Tested restores, not just backups that exist.

Privacy by design

Data minimisation, GDPR (EU) and APPI (Japan) compliant handling, country-aware cookie consent and clear retention – privacy designed in, not bolted on.

Independent assessment

Don’t take our word for it

J Tech Solutions K.K. completed a Tier 2 cyber-risk assessment on the CyberGRX (now ProcessUnity) Global Risk Exchange – the same third-party platform enterprises use to vet their suppliers – scoring a Cyber-risk Index of 85, rated “Very Strong”. Our production infrastructure runs on PCI-compliant AWS, and we have been cleared by Japan’s Ministry of Finance to develop embedded software for cash machines. If your procurement team needs a vendor security questionnaire (CAIQ, SIG or your own), we will complete it.

Monitoring & response

Watched, patched and ready to respond

Monitoring

WAF + intrusion detection, uptime & integrity monitoring

Patching

Prompt security updates & dependency upgrades

Response

Defined incident process, fast escalation

Disclosure

Report a vulnerability via our contact form

Doing a vendor security review? Send us your questionnaire – we’ll turn it around.
Let's talk

Let's build your custom software.

Tell us what you're building – we'll show you how we'd ship it, and what it takes.

Get a free quote