
Jewellink Security Overview


Effective date: 05/01/2026

This Security Overview summarizes Jewellink's general security practices. It is informational and does not replace the Master Terms, Data Processing Addendum, or any signed security addendum.

1. Security Program

Jewellink maintains commercially reasonable administrative, technical, and organizational safeguards designed to protect Retailer Data in Jewellink's possession.

Security measures are designed based on the size and nature of the Services, the types of data processed, and the risks reasonably associated with CRM, sales analytics, messaging, training, AI, and retail jewelry data.

2. Hosting and Infrastructure

Jewellink is designed to run on managed cloud infrastructure. Production deployment artifacts indicate use of Google Cloud Run, containerized application deployment, Google Cloud build/deploy workflows, and runtime secret injection through cloud secret management.

3. Access Controls

Jewellink uses account-based access controls to restrict access to retailer workspaces and functionality. Retailers are responsible for assigning appropriate roles, removing former personnel, and maintaining secure credentials.

Administrative access to production systems should be limited to personnel with a legitimate business need.

4. Encryption

Jewellink uses encrypted transport where supported for application traffic and third-party integrations. Secrets and tokens should be stored using appropriate secret management or encryption practices.

Where supported by the hosting, database, and storage providers, data is encrypted at rest by the underlying service provider.

5. Secrets and Tokens

Production secrets should not be committed to source code. Deployment configuration indicates production secrets are intended to be injected at runtime from cloud secret management.

OAuth tokens and connected account credentials should be encrypted or otherwise protected at rest.

6. Logging and Monitoring

Jewellink may maintain application logs, audit trails, webhook logs, message statuses, sync job records, error logs, and security signals to operate, debug, secure, and improve the Services.

Logs may contain limited personal information depending on the feature and event. Access to logs should be restricted based on business need.

7. Tenant Separation

Jewellink is designed as a multi-tenant service with company, location, and user scoping in application logic. Retailer is responsible for accurate setup of company, location, user, role, and integration permissions.

8. Third-Party Providers

Jewellink uses third-party service providers for hosting, messaging, payments, email, media, AI, learning management, mobile services, and integrations. Jewellink reviews providers based on business need, security posture, service functionality, and contract terms appropriate to the provider's role.

Third-party service providers may experience outages, security incidents, API changes, policy changes, or enforcement actions outside Jewellink's control.

9. Incident Response

Jewellink will investigate suspected security incidents affecting Jewellink systems and will provide legally required notices. Jewellink may notify affected retailers when Jewellink confirms a Security Incident affecting Retailer Data in Jewellink's possession.

Retailer must promptly notify Jewellink of suspected unauthorized access, compromised credentials, phishing, suspicious messaging, or security incidents involving Retailer Systems or Authorized Users.

10. Retailer Responsibilities

Retailer is responsible for security outside Jewellink's control, including:

  • employee onboarding and offboarding;

  • password and device security;

  • email, calendar, social, POS, and third-party account security;

  • network and endpoint security;

  • physical store devices;

  • user permissions and admin access;

  • consumer consent records;

  • phishing and social engineering prevention; and

  • accuracy and legality of data imported or synced into Jewellink.

Retailer is also responsible for obtaining and maintaining all permissions, licenses, API rights, export rights, vendor approvals, and contractual rights required to connect POS systems, email accounts, social accounts, data sources, and other third-party systems to Jewellink.

Jewellink does not guarantee the accuracy or completeness of customer records, POS data, inventory data, transaction data, message data, usage data, dashboards, sales analytics, AI outputs, imports, exports, syncs, mappings, or integration results. Retailer is responsible for auditing, validating, reconciling, and correcting its data and outputs before relying on them.

Security incidents caused by retailer systems, retailer personnel, retailer credentials, retailer devices, connected third-party accounts, POS systems, unlawful data collection, misconfigured access, failure to offboard users, phishing, social engineering, or prohibited sensitive data submitted by the retailer are the retailer's responsibility under the Master Terms and DPA.

11. No Absolute Security

No service can guarantee absolute security, uninterrupted service, perfect deliverability, or prevention of every data loss, phishing event, credential compromise, vendor outage, or third-party attack.

Jewellink's obligations are limited to those expressly stated in the applicable agreement.

12. No Certification Claim Unless Posted

Unless Jewellink separately publishes a current certification or audit report, this Security Overview should not be interpreted as claiming SOC 2, ISO 27001, PCI DSS, HIPAA, GLBA, or other formal certification.

© 2022 by Jewelery Sales Academy. All Rights Reserved  
