Legal
Security Policy
How JHBRIDGE Translation Services protects your data, documents, and account information through commercially reasonable security measures.
Effective Date: June 2026
Our Approach to Security
JHBRIDGE Translation Services ("JHBridge," "we," "us," or "our") is committed to implementing reasonable, commercially appropriate safeguards to protect the confidentiality, integrity, and availability of our systems, services, and the data entrusted to us by our clients. As a small translation and interpretation business, our security measures are proportionate to the nature, size, and complexity of our operations and the types of data we handle.
We continuously evaluate and seek to improve our security posture as our business grows and as new risks emerge. We invest in tools, practices, and infrastructure that we believe provide meaningful protection for our clients and our operations. However, we do not hold formal security certifications such as SOC 2, ISO 27001, or similar third-party attestations at this time.
No security program can guarantee absolute protection against all threats. While we strive to maintain strong safeguards, we cannot and do not warrant that our systems are impervious to every possible attack, breach, or failure. By using our services, you acknowledge and accept the inherent risks associated with transmitting and storing information electronically.
Encryption
All data transmitted between your browser and our servers is protected using HTTPS with TLS (Transport Layer Security) encryption. This ensures that information exchanged during your use of our website and services -- including login credentials, uploaded documents, payment information, and personal data -- is encrypted in transit and protected from interception by unauthorized parties.
For data stored on our systems, we employ encryption at rest where appropriate, particularly for sensitive documents, personal information, and other confidential client materials. Our cloud infrastructure providers offer server-side encryption capabilities that we leverage to protect stored data. Encryption keys are managed through secure key management services provided by our infrastructure partners.
While we use commercially reasonable encryption practices, the specific encryption methods and configurations may vary depending on the type of data, the storage system, and the services involved. We regularly review our encryption practices to ensure they remain appropriate for the data we process.
Access Controls
JHBRIDGE implements role-based access controls to restrict access to client data, internal systems, and administrative functions. Access to sensitive information and systems is granted on a need-to-know basis, following the principle of least privilege. Team members, contractors, and interpreters are granted only the minimum level of access necessary to perform their assigned duties.
Administrative accounts and systems with elevated privileges are subject to additional protections, including multi-factor authentication where implemented. We maintain separate access levels for different roles within our organization, and access permissions are reviewed and adjusted as personnel responsibilities change.
When team members, contractors, or interpreters no longer require access to our systems -- whether due to completion of a project, termination of engagement, or other reasons -- their access is revoked in a timely manner. We maintain records of access grants and revocations for audit and security purposes.
Cloud Infrastructure
Our services are hosted on secure cloud infrastructure provided by Amazon Web Services (AWS), a leading cloud provider that maintains its own extensive security certifications and compliance programs, including SOC 2, ISO 27001, and others. By leveraging AWS infrastructure, we benefit from the physical security, network protections, and operational safeguards that AWS maintains across its data centers.
We configure our cloud resources in accordance with security best practices, including network segmentation, firewall rules, and secure configuration baselines. We apply security patches and updates to our systems on a regular basis to address known vulnerabilities and maintain the integrity of our infrastructure.
While we benefit from the security practices of our cloud infrastructure provider, JHBridge's own security practices are independent of and should not be conflated with any certifications held by AWS or other third-party providers. Our use of AWS infrastructure does not mean that JHBridge itself holds any AWS-issued or third-party security certifications.
Application Security
We follow secure development practices in building and maintaining our web applications and services. This includes input validation, output encoding, parameterized queries, and other techniques designed to protect against common web application vulnerabilities such as cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), and similar attack vectors.
Our application architecture is designed with security considerations in mind, including secure session management, appropriate authentication and authorization mechanisms, and secure handling of sensitive data throughout the application lifecycle. We use established frameworks and libraries that incorporate security best practices.
We conduct periodic security reviews of our application code and configurations to identify and remediate potential vulnerabilities. While we do not currently engage in formal penetration testing or third-party security audits on a scheduled basis, we remain attentive to security advisories, dependency vulnerabilities, and emerging threats that may affect our applications.
Audit and Logging
JHBRIDGE maintains logging of security-relevant events within our systems, including authentication events, access to sensitive resources, administrative actions, and system changes. These logs provide an audit trail that can be used for security monitoring, incident investigation, and compliance purposes.
For services involving e-signatures and document access, we maintain audit trails that record relevant actions such as document viewing, signing events, and signature verifications. These records help establish the integrity and authenticity of electronically signed documents and provide evidence of the signing process.
Logs are retained for a period consistent with our operational, security, and legal requirements. Access to log data is restricted to authorized personnel, and logs are protected against unauthorized modification or deletion to the extent commercially practicable.
Data Storage and Backup
Client documents, translated deliverables, and associated project data are stored securely within our cloud infrastructure. We employ appropriate storage configurations, access restrictions, and encryption measures to protect stored data from unauthorized access, alteration, or loss.
We maintain backup procedures designed to protect against data loss due to hardware failure, software errors, or other operational disruptions. Backup data is stored securely and is subject to the same access controls and encryption practices as primary data stores. Our disaster recovery procedures are designed to enable timely restoration of services in the event of a significant disruption.
Data is retained in accordance with our Data Retention and Deletion Policy. When data is no longer needed for its original purpose and is not subject to a legal hold or regulatory retention requirement, it is disposed of securely through deletion or other appropriate means.
Third-Party Vendors
JHBRIDGE uses a limited number of third-party service providers to support our operations, including cloud infrastructure (AWS), payment processing (Stripe), email delivery (Resend), caching and session management (Redis), and other tools necessary for service delivery. We select vendors with consideration for their security practices, reputation, and the protections they offer for data processed through their services.
Each third-party vendor operates under its own security practices, policies, and certifications. While we make reasonable efforts to choose vendors that maintain appropriate security measures, JHBRIDGE does not control the security practices of third-party providers and cannot guarantee the security of data once it is transmitted to or processed by a third party.
A list of our key subprocessors and vendors is available in our Subprocessor / Vendor List. We encourage clients to review the security and privacy practices of third-party vendors whose services interact with their data.
Vulnerability Reporting
JHBRIDGE welcomes responsible disclosure of security vulnerabilities in our systems and applications. If you believe you have discovered a security vulnerability, please report it to us at contact@jhbridgetranslation.com with a detailed description of the issue, including steps to reproduce, the potential impact, and any other information that may help us understand and address the vulnerability.
We ask that you act in good faith when reporting vulnerabilities, refrain from accessing or modifying data belonging to other users, avoid disrupting our services, and allow us a reasonable period of time to investigate and address the issue before disclosing it publicly. We will make reasonable efforts to acknowledge receipt of vulnerability reports and to keep reporters informed of our progress in addressing reported issues.
JHBRIDGE does not currently operate a formal bug bounty program and does not offer monetary compensation for vulnerability reports. We appreciate the contribution of security researchers and the broader community in helping us improve the security of our services.
User Security Responsibilities
The security of your account depends in part on the steps you take to protect your own credentials and devices. You are responsible for maintaining the confidentiality of your account username and password, and for all activities that occur under your account. We strongly recommend using a strong, unique password that is not reused across other services.
If you become aware of any unauthorized use of your account, any suspected security breach, or any other suspicious activity related to your JHBridge account, please notify us immediately at contact@jhbridgetranslation.com. Prompt reporting helps us take swift action to protect your account and our systems.
Do not share your account credentials with others. Each user should maintain their own individual account. If you require access for multiple team members, please contact us to set up appropriate accounts with individual credentials.
Incident Response
In the event of a security incident that may affect client data or the availability of our services, JHBRIDGE will respond promptly and take reasonable steps to investigate the nature and scope of the incident, contain and mitigate the impact, and implement measures to prevent recurrence.
If a security incident results in unauthorized access to, disclosure of, or loss of personal information, we will notify affected individuals and relevant authorities as required by applicable law, including state data breach notification statutes. Notifications will be provided within the timeframes required by law and will include information about the nature of the incident, the types of information affected, and steps individuals can take to protect themselves.
While we are committed to responding to security incidents in a timely and transparent manner, we cannot guarantee that security incidents will not occur. Our incident response procedures are designed to minimize harm and provide appropriate notification, but the effectiveness of any response depends on the specific circumstances of each incident.
No Absolute Security Guarantee
Despite our commitment to maintaining strong security practices, no method of electronic transmission or storage is completely secure. The internet, cloud computing, and digital communications all carry inherent risks, including the possibility of unauthorized access, data breaches, service interruptions, and other security events that may occur despite reasonable precautions.
JHBRIDGE provides its services and implements its security measures on an "as is" and "as available" basis. We make no warranties, express or implied, regarding the absolute security of our systems, networks, or data. To the fullest extent permitted by applicable law, JHBRIDGE disclaims all warranties related to the security of data transmitted to or stored by our services.
By using JHBridge services, you acknowledge that you understand the inherent risks of transmitting and storing data electronically, and you accept those risks. You agree that JHBRIDGE shall not be liable for any unauthorized access, data breaches, or other security incidents except to the extent caused by our gross negligence or willful misconduct, subject to the limitations set forth in our Terms of Service.
Contact Information
JHBRIDGE Translation Services
Email: contact@jhbridgetranslation.com
Phone: +1 (774) 223-8771
Address: 500 Grossman Dr, Braintree, MA 02184
