Compliance

Our commitment to regulatory standards and industry best practices

At JITO, we are committed to maintaining the highest standards of compliance with applicable laws, regulations, and industry best practices. This page outlines our approach to compliance and the measures we take to ensure our products and operations meet or exceed regulatory requirements.

Regulatory Compliance

Product Certifications

Our hardware security devices undergo rigorous testing and certification processes to ensure they meet international security standards:

  • FIPS 140-2 Level 3: Our secure element has been validated under the Federal Information Processing Standard for cryptographic modules, verifying its resistance to physical tampering and key protection.
  • Common Criteria EAL5+: This internationally recognized certification confirms our hardware meets rigorous security engineering requirements with semi-formal design and testing.
  • CE Marking: Our products comply with all applicable European Union health, safety, and environmental protection standards.
  • FCC Certification: JITO devices meet all Federal Communications Commission requirements for electronic devices in the United States.
  • RoHS Compliance: Our products comply with the Restriction of Hazardous Substances Directive, limiting the use of specific hazardous materials in electronic equipment.

Data Protection & Privacy

We are committed to protecting user data and privacy in accordance with global regulations:

  • General Data Protection Regulation (GDPR): While primarily focused on European Union residents, we apply GDPR principles globally, including data minimization, purpose limitation, and user rights over personal data.
  • California Consumer Privacy Act (CCPA): We comply with CCPA requirements for California residents, including disclosure of data collection practices and responding to data access and deletion requests.
  • ISO/IEC 27001: Our information security management system is certified to this international standard, ensuring systematic protection of sensitive information.

Anti-Money Laundering (AML) & Know Your Customer (KYC)

While our hardware devices do not directly involve financial transactions, we are mindful of our role in the cryptocurrency ecosystem:

  • We implement appropriate due diligence in our business relationships
  • We maintain records of corporate transactions as required by law
  • We cooperate with law enforcement agencies when legally required

Industry Standards & Best Practices

Cryptocurrency Security Standard (CCSS)

JITO adheres to the Cryptocurrency Security Standard, an industry-specific framework for securing cryptocurrency systems. Our implementation includes:

  • Creation of secure key storage systems with strong cryptographic foundations
  • Implementation of multi-factor authentication for accessing private keys
  • Development of secure key backup procedures
  • Enforcement of robust operational security practices

Open Source Security

We believe in transparency and community review to enhance security:

  • Our firmware is open source, allowing independent security researchers to review and validate our code
  • We maintain a responsible disclosure program for reporting security vulnerabilities
  • We contribute to open security standards and protocols

Security Testing & Audits

We regularly subject our products and systems to independent security testing:

  • Regular penetration testing by third-party security researchers
  • Hardware security audits by specialized laboratories
  • Code reviews by independent cryptographers
  • Physical security testing of devices to verify tamper resistance

Supply Chain Security

We implement rigorous controls throughout our supply chain to prevent tampering or insertion of counterfeit components:

  • Secure component sourcing from trusted suppliers
  • Tamper-evident packaging and secure shipping procedures
  • Verification of device authenticity through our official app
  • Secure firmware installation processes
  • Rigorous quality control testing of every device

Ongoing Compliance Efforts

Compliance is not a one-time achievement but an ongoing process. We continuously:

  • Monitor regulatory developments in relevant jurisdictions
  • Update our policies and procedures to reflect new requirements
  • Train our team on compliance obligations
  • Conduct regular internal audits of our compliance program
  • Engage with industry associations and regulatory bodies to stay informed of emerging standards

Contact Our Compliance Team

If you have questions about our compliance program or need to report a compliance concern, please contact our Compliance Officer at:

Email: compliance@jito.br.com
Phone: +1 (612) 655-2890
Mail: Compliance Department
JITO
921 W Lake St
Minneapolis, MN 55408
United States