Legal
Compliance Center
A transparent overview of JHBRIDGE Translation Services' current compliance posture, certifications, data protection practices, and regulatory commitments.
Effective Date: June 2026
Overview
This page provides a transparent summary of JHBRIDGE Translation Services' ("JHBridge," "we," "us," or "our") current compliance posture. JHBridge is committed to operating responsibly and protecting client information using reasonable safeguards appropriate to its size and the nature of its services. We believe that honesty about what we do and do not do is the foundation of trust, and we aim to give clients, partners, and stakeholders a clear and accurate picture of our compliance practices.
JHBridge is a small business founded by a two-person team and continuously works to improve its practices as the business grows. Our compliance and security measures are proportionate to a small translation and interpretation company, and we make ongoing investments to enhance our protections. We welcome questions about our practices and are committed to providing honest, straightforward answers.
This Compliance Center is intended to serve as a central reference point for understanding JHBridge's compliance position. It is not a substitute for reviewing our individual policies (such as our Privacy Policy, Security Policy, Confidentiality Policy, and Terms of Service), which contain detailed information about specific practices and obligations. We encourage clients with specific compliance requirements to review the relevant policies and to contact us with any questions.
What JHBridge Does
JHBridge implements commercially reasonable security measures and operational practices designed to protect client information and maintain the integrity of our services. These measures include encryption in transit (HTTPS/TLS) for all data transmitted between users and our systems, access controls that restrict access to client data on a need-to-know basis, secure cloud infrastructure hosted on Amazon Web Services (AWS), and audit logging for e-signatures, document access, and other sensitive operations.
We maintain confidentiality obligations for all staff and independent contractors, requiring them to treat client information as confidential and to handle materials in accordance with our policies. Payment processing is handled through Stripe, a PCI-compliant third-party payment processor, so that JHBridge does not directly handle or store payment card data. We conduct regular reviews of our security and privacy practices to identify areas for improvement and to ensure our safeguards remain appropriate for the data we process.
In addition to technical safeguards, JHBridge maintains organizational practices including contractor screening, confidentiality agreements, a Code of Conduct for interpreters and translators, data retention and deletion procedures, and incident response protocols. We take a practical approach to security and compliance, focusing on the measures that provide meaningful protection for the types of data we handle and the services we provide.
What JHBridge Does NOT Claim
JHBridge is transparent about the certifications and compliance frameworks that we do not hold. JHBridge is NOT HIPAA certified and does not claim HIPAA compliance -- we are not a HIPAA covered entity and have not undergone a HIPAA compliance audit. JHBridge is NOT SOC 2 certified and has not undergone a SOC 2 Type I or Type II audit. JHBridge is NOT formally GDPR certified and does not claim GDPR certification, though we make reasonable efforts to respect the privacy rights of individuals where applicable.
JHBridge is NOT CCPA/CPRA certified but makes reasonable efforts to respect applicable California privacy rights where legal thresholds are met. JHBridge is NOT PCI DSS certified -- payment card processing is handled entirely by Stripe, which maintains its own PCI DSS compliance, and JHBridge does not directly process, store, or transmit payment card data. JHBridge is NOT ISO 27001 certified (information security management) and is NOT ISO 9001 certified (quality management). JHBridge does not hold any government-issued compliance certification unless explicitly stated in a specific, signed agreement.
We share this information proactively because we believe clients deserve to know exactly what they are getting. Some translation and interpretation companies overstate their compliance posture through vague claims or misleading language. JHBridge prefers to be straightforward: we implement reasonable, practical safeguards appropriate for a small business, and we are honest about the certifications and formal compliance programs we have not yet achieved. As our business grows, we will continue to evaluate whether additional certifications are appropriate.
HIPAA Position
JHBridge is not a HIPAA covered entity (we are not a health plan, healthcare clearinghouse, or healthcare provider who transmits health information in electronic form). JHBridge is also not automatically a Business Associate under HIPAA simply by virtue of providing translation or interpretation services. Whether a Business Associate relationship exists depends on the specific circumstances of the engagement and the nature of the information being shared.
Users who are HIPAA covered entities (such as hospitals, clinics, health plans, or other healthcare organizations) should not share Protected Health Information (PHI) with JHBridge unless a separate Business Associate Agreement (BAA) has been negotiated and executed by both parties. In the absence of a BAA, JHBridge does not assume HIPAA obligations and is not liable for compliance with HIPAA's Privacy Rule, Security Rule, or Breach Notification Rule with respect to any information provided by the client.
JHBridge is willing to discuss BAA arrangements with covered entities on a case-by-case basis. However, entering into a BAA requires JHBridge to implement specific administrative, physical, and technical safeguards that may not currently be in place, and any BAA would need to accurately reflect JHBridge's actual capabilities and practices. For more information, please refer to our HIPAA & Medical Information Notice or contact us directly to discuss your specific requirements.
Privacy and Data Protection
JHBridge maintains a comprehensive Privacy Policy that describes how we collect, use, store, share, and protect personal information in connection with our services. We also maintain a Data Processing Agreement (DPA) template available for enterprise clients who require formalized data processing arrangements, a U.S. State Privacy Notice addressing state-specific privacy rights (including California, Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation), and a Data Retention & Deletion Policy describing our practices for retaining and securely disposing of client data.
JHBridge does not sell personal information to third parties. We do not use client data for advertising purposes and we do not share personal information with data brokers. The personal information we collect is used for the purpose of providing our services, managing our business operations, complying with legal obligations, and communicating with our clients. We make reasonable efforts to limit data collection to what is necessary for these purposes.
JHBridge will make reasonable efforts to respect privacy rights where legally applicable, including rights of access, correction, deletion, and portability as provided by applicable state and federal privacy laws. Enterprise clients and organizations with specific data protection requirements may request a DPA to formalize data processing arrangements. We recognize that privacy expectations and legal requirements vary among jurisdictions and client types, and we are committed to working with clients to address their reasonable privacy needs.
Security Posture
JHBridge's security practices are described in detail in our Security Policy. We use reasonable safeguards proportionate to a small business, including encryption, access controls, secure infrastructure, logging, and vendor management. Our security measures are designed to protect the confidentiality, integrity, and availability of client data and our systems, while acknowledging the practical limitations of a small organization.
No system is perfectly secure, and JHBridge does not guarantee absolute security. The nature of internet-based services, cloud computing, and electronic communications inherently involves risks that cannot be completely eliminated. We are committed to maintaining and improving our security posture over time, and we respond to identified vulnerabilities, security incidents, and evolving threats in a timely and responsible manner.
Clients with heightened security requirements -- such as those in regulated industries, government agencies, or organizations handling classified or highly sensitive information -- should review our Security Policy carefully and discuss their specific needs with us before engaging our services. JHBridge is transparent about its security capabilities and limitations, and we will work with clients to determine whether our security posture meets their requirements.
Vendor and Subprocessor Management
JHBridge uses a limited number of reputable third-party vendors to support its operations, including Amazon Web Services (AWS) for cloud infrastructure, Stripe for payment processing, Resend for transactional email delivery, and other carefully selected service providers for specific operational needs. We select vendors based on their reputation, security practices, reliability, and the protections they offer for data processed through their services.
A current list of JHBridge's subprocessors and key vendors is available at /legal/subprocessors. This list identifies the vendors we use, the services they provide, and the general categories of data they may process. We update this list as our vendor relationships change and encourage clients to review it periodically. Enterprise clients who require advance notification of subprocessor changes may request such notification as part of a Data Processing Agreement.
JHBridge imposes data protection and confidentiality obligations on its vendors and contractors through contractual provisions, terms of service, and vendor agreements. While we make reasonable efforts to ensure that our vendors maintain appropriate security and privacy practices, we do not control the operations of third-party service providers and cannot guarantee their compliance. Each vendor operates under its own policies, practices, and certifications, which are independent of JHBridge's own compliance posture.
Interpreter and Contractor Compliance
Interpreters, translators, and other independent contractors engaged by JHBridge are subject to JHBridge's Interpreter Code of Conduct, Contractor & Interpreter Terms, and Confidentiality Policy. These documents establish the professional, ethical, and operational standards expected of all contractors working with JHBridge, including requirements related to accuracy, impartiality, confidentiality, data security, and professional conduct.
Contractors are bound by confidentiality obligations that require them to treat all client information as confidential, to use client materials only for the purpose of performing assigned services, and to refrain from disclosing client information to unauthorized parties. These confidentiality obligations survive the termination of the contractor relationship. Contractors are also required to handle client data in accordance with JHBridge's Security Policy and to report any suspected security incidents promptly.
JHBridge may require background checks, credential verification, and reference checks as conditions of contractor engagement. Contractors who fail to comply with JHBridge's policies and standards are subject to corrective action, including suspension from assignments, termination of the contractor relationship, and, in cases of serious misconduct, legal action. JHBridge takes contractor compliance seriously as a critical component of its overall commitment to protecting client interests.
Accessibility
JHBridge is committed to making its website and digital services accessible to all users, including individuals with disabilities. We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 at the AA level, which provide a widely recognized standard for web accessibility. Our goal is to ensure that our website is perceivable, operable, understandable, and robust for users with diverse abilities and assistive technologies.
We recognize that accessibility is an ongoing effort and that there may be areas of our website or services that do not yet fully meet WCAG 2.1 AA standards. We are committed to identifying and addressing accessibility barriers as they are discovered, and we welcome feedback from users who encounter accessibility issues. Our Accessibility Statement provides additional details about our accessibility efforts and how to report concerns.
As a translation and interpretation company, we understand the importance of inclusive communication. We strive to apply the same commitment to inclusion that drives our language services to the design and development of our digital platforms. If you encounter an accessibility barrier on our website or need assistance accessing our services, please contact us and we will make reasonable efforts to provide the information or service you need in an accessible format.
Attorney Review Recommended
Enterprise clients, regulated entities, government agencies, and organizations with specific compliance requirements are encouraged to have their legal counsel review JHBridge's policies, terms, and practices before entering into an engagement. JHBridge's policies are drafted to be transparent and comprehensive, but they may not address every compliance requirement applicable to a particular client's industry, jurisdiction, or regulatory framework.
JHBridge is happy to discuss compliance questions, accommodate reasonable requests for additional information, and work with clients to address specific concerns. We can provide copies of our policies, discuss our security practices in greater detail, and explore whether additional safeguards or contractual provisions may be appropriate for a particular engagement. We believe that open dialogue about compliance expectations benefits both parties and helps establish a productive working relationship.
Nothing in JHBridge's policies, website content, or marketing materials should be construed as legal advice, compliance certification, or a guarantee of regulatory compliance. Clients are responsible for determining whether JHBridge's services and practices meet their own compliance obligations, and for obtaining independent legal advice as needed. JHBridge's willingness to discuss compliance matters does not create an attorney-client relationship or an advisory relationship between JHBridge and the client.
Contact for Compliance Questions
For compliance inquiries, Data Processing Agreement (DPA) requests, Business Associate Agreement (BAA) discussions, security questions, accessibility feedback, or any other compliance-related matters, please contact JHBridge at contact@jhbridgetranslation.com. We aim to respond to compliance inquiries within a reasonable timeframe and to provide thorough, honest answers to all questions about our practices and capabilities.
When contacting us about compliance matters, it is helpful to include specific details about your requirements, the nature of your organization, the types of data you anticipate sharing with JHBridge, and any particular compliance frameworks or certifications that are relevant to your needs. This information allows us to provide more targeted and useful responses and to identify any potential issues early in the engagement process.
JHBridge values the trust that clients place in us when they share sensitive documents and information, and we are committed to earning and maintaining that trust through transparent communication, honest representation of our capabilities, and continuous improvement of our practices. We look forward to addressing your compliance questions and working with you to ensure that our services meet your needs.
Contact Information
JHBRIDGE Translation Services
Email: contact@jhbridgetranslation.com
Phone: +1 (774) 223-8771
Address: 500 Grossman Dr, Braintree, MA 02184
