جَبرJabr
PricingAcademyAboutContact Us
ENع
PricingAcademyAboutContact Us
ENع

Legal Documents

Terms of ServicePrivacy PolicyData Processing AgreementCookie PolicyAcceptable Use PolicySecurity

Security

Arabic is the legally binding version per Saudi law.

Last updated: 1 May 2026 / 1 مايو 2026

We take the security of your data seriously. This page describes the controls actually implemented on the Jabr platform.

1. Encryption

  • In transit: All traffic over HTTPS with TLS 1.3 and HSTS enabled
  • At rest: Firestore and Cloud Storage encrypt all data automatically with Google-managed keys (AES-256)
  • Sensitive secrets: ZATCA signing keys are encrypted with AES-256-GCM before storage

2. Access Control

  • Firestore security rules operate on a default-deny basis and verify company membership before any read or write
  • Granular roles (Owner, Accountant, Auditor, Partner, Filing Officer, Viewer, CPA) gate what each user can do
  • Every sensitive admin action is recorded in an immutable audit log

3. Account Protection

  • Email verification at signup
  • IP blocklist to stop repeated abuse attempts
  • Per-IP and per-account rate limiting
  • Automatic session expiry after a configurable idle period
  • One-click account suspension and session revocation

4. Backup

  • Automated daily backups to Cloud Storage
  • Object versioning enabled for your files (receipts, bank statements)
  • Per-company restore capability without affecting other accounts

5. AI Connector (MCP) Safety

  • AI connected via MCP cannot post journal entries directly - every entry starts as a draft requiring user approval
  • Destructive operations (reverting entries, closing periods) require explicit confirmation
  • Per-plan limits on MCP call volume
  • Connection tokens are company-scoped and can be revoked at any time

6. Incident Response

  • Read-only maintenance mode to halt writes during investigation
  • Freeze a single company or suspend a single user in seconds
  • Detailed audit log for every sensitive change
  • SDAIA notification within 72 hours and immediate notification of affected parties in the event of a breach

7. Compliance

  • Aligned with the Saudi Personal Data Protection Law (PDPL)
  • You own your data and can export or delete it at any time

8. What We Don't Do

  • We do not sell your data to any party
  • We do not use your data to train AI models
  • We do not store passwords - Firebase Authentication manages them with industry-standard hashing
  • We do not use advertising cookies or third-party analytics tools
  • We do not track users across other websites

9. Reporting a Vulnerability

If you find a security vulnerability, please email info@jabrhq.com before public disclosure. We commit to acknowledging reports within 48 hours.

View in:|
جَبرJabr

AI-powered accounting for Saudi businesses

Company

PricingAcademyAboutContact Us

Legal

Terms of ServicePrivacy PolicyAll legal
AES-256 encryptedPDPL alignedTLS 1.3 + HSTS

© 2026 Asas Albahth Commercial Limited Company. 7033481131 All rights reserved