Certifications and compliance
Jutsoo is ISO 27001 certified, with annual audits and regular penetration testing of our systems. We are compliant with Indonesia's Personal Data Protection Law (PDPL, UU No. 27 of 2022) and design our data handling to meet the privacy laws of the countries we operate in. Certificates and our latest reports are available to customers and prospects on request.
Encryption
All data is encrypted in transit and at rest using industry-standard algorithms. Sensitive credentials and secrets are stored in managed key vaults with strict access controls.
Infrastructure
Jutsoo runs on hardened, audited cloud infrastructure from AWS and Azure. We use network isolation, continuous monitoring, and automated patching to keep the environment secure.
Access and least privilege
Access to production systems and customer data is granted on a strict least-privilege basis, logged, and reviewed regularly. Only the people who genuinely need access to operate the service have it.
We never touch your money
Jutsoo is software only. It reads your documents and data to keep your books, and it never holds, moves, or has access to your funds. There is no payment rail to compromise.
A human is always in the loop
Bookkeeper proposes entries and explains its reasoning, but nothing posts to your books until you approve it. Every entry is traceable to its source document, so your records stay auditable end to end.
Your data is yours
Your financial data belongs to you. We do not sell it, and we do not use it to train third-party or external AI models. You can export or request deletion of your data at any time.
Responsible disclosure
If you believe you have found a security vulnerability, we want to hear from you. Please email security@jutsoo.com and we will respond promptly. We appreciate responsible disclosure and will work with you to resolve any issue quickly.