All code is scanned by Veracode for vulnerabilities before deployed to production. JumpSeat traffic is always encrypted over HTTPS. The only PII stored is what you choose to store. JumpSeat doesn’t capture any application data from the app it’s used on.