Tonight, where's the jazz?
JazzNode runs on infrastructure trusted by the world's largest platforms — with controls, audits, and commitments tailored to the people who book, perform, and buy tickets with us.
Last reviewed: April 14, 2026
Every payment, database call, and deployment rides on providers that hold top-tier independent audits. Click any badge to verify.
PCI DSS Level 1
All card payments are processed by Stripe. JazzNode never stores, handles, or transmits raw card numbers.
Stripe Trust CenterSOC 2 Type 2 · ISO 27001
Database, authentication, and storage run on Supabase — independently audited and GDPR-ready.
Supabase SecuritySOC 2 Type 2 · ISO 27001
Application hosting, edge network, and build pipeline run on Vercel, with security reviewed annually.
Vercel TrustOAuth 2.0
Sign-in with Google uses industry-standard OAuth 2.0. We never see or store your Google password.
Google IdentityPolicies only matter when they translate into the code we ship every day.
Every request is served over TLS 1.2+. HSTS is enabled across all JazzNode domains, including ticket QR codes and embeds.
Supabase Row Level Security rules enforce per-user, per-role access at the database layer — not just the app layer.
We don't store card numbers. We don't store your Google password. We don't sell personal data. Accounts can be deleted within 30 days on request.
Production secrets live in Vercel's encrypted environment variables. OIDC tokens are used for cloud-to-cloud auth. No credentials are ever committed to git.
Internal operations are split across Owner, Admin, and Editor roles. Sensitive actions (refunds, payouts, data export) require elevated permissions.
Supabase point-in-time recovery protects the production database. Ticket records are durably stored and recoverable independent of your device.
We build with the laws that apply to the people who use JazzNode — on both sides of the Pacific.
GDPR-aligned
EU users can access, correct, export, or delete their data. Our processors offer EU-region hosting and standard contractual clauses.
Taiwan PDPA (個人資料保護法)
Personal data collected from Taiwan users is handled under Taiwan's Personal Data Protection Act and 娛興喂's local obligations.
Taiwan Consumer Protection Act §43
Our ticketing flow follows Taiwan's 票券定型化契約, including tiered refund policies, pre-purchase disclosure, and dispute handling.
DMCA notice-and-takedown
Rights holders can submit DMCA takedown notices. Our registered agent responds within statutory windows.
AI-generated content labeling
Any AI-generated editorial (artist bios, magazine features) is explicitly marked and traceable to its generation context.
We're transparent about what we've earned, what's in progress, and what's planned. No theater, no placeholder seals.
We will never claim a certification we don't hold. If a badge isn't on this page, we don't have it yet.
The infrastructure we rely on publishes its own uptime. We'll stand up a unified status page once enterprise demand justifies it.
Current posture
All core services operational
No active incidents at the time this page was last reviewed.
How we monitor
Runtime errors tracked via Vercel Observability. Database health, auth events, and storage health via Supabase logs. Payment webhooks monitored for delivery failures.
Coming soon
A consolidated status.jazznode.com page with historical uptime, incident post-mortems, and subscribe-to-updates is planned.
Underlying platforms
The services below publish independent status pages. If a JazzNode feature degrades, the cause is often visible here first.
If you've found a security issue, please tell us before telling the world. We promise a human will read your report, thank you, and keep you in the loop.
Security contact
security@jazznode.comFirst response
Within 72 hours
In scope
jazznode.com, *.jazznode.com, JazzNode iOS & Android apps
Safe harbor
Good-faith research — no DoS, no data exfiltration, no social engineering — will not result in legal action.