Trusting us is your decision. Proving you right is our responsibility.
Last modified: October, 2019
Joonko has made it a priority to safeguard its customers' data and create a secure environment where they can tackle workplace bias and improve diversity and inclusion. Our entire product and our product development processes are therefore security oriented: we understand how precious your data is, and the responsibility and trust you have given us by sharing it. We would never misuse or abuse it. Our security model and controls are based on the top tier of industry standards and best practices. We host our servers on Amazon Web Services (AWS) and Heroku. The AWS cloud infrastructure meets several global standard compliance requirements including ISO, SOC, PCI, GDPR, and EU-US Privacy Shield. You can see their security and compliance page for more information. You can also see Heroku’s here. Please see below for more detailed information on our policies and practices:
Any and all client data that Joonko analyzes through its integrations is never persisted or kept in lasting storage in any way. The data is kept on our servers only long enough for analysis and is then securely discarded. All data that is stored is encrypted with strong AES-256 encryption following industry best practices (relying on AWS KMS). Access to client data is limited to specific personnel within the company, all of whom are under strict NDAs. Developers are approved to access the data only in order to resolve client requests, issues or bugs. The data you share with Joonko is private and confidential, so we’ve set strict controls over our employees’ access to ensure that your data is never seen by anyone who should not see it. Furthermore, to increase security, data is sharded and separated across various locations (both physical and logical) so that a security breach in any location will reveal only a small part of the data, providing nothing to the attacker.
User passwords are never stored in plain text. All user passwords are hashed and salted. This means no one, not even our team, can see or decrypt them. Security tokens required for integrations are stored encrypted using asymmetric encryption (RSA). The private key for decryption is stored in a secure S3 bucket, with access limited to specific IAM roles. Tokens are never, under any circumstances, available offline or persisted to any storage in decrypted form.
To provide the utmost security and privacy for our client data, each of our clients receives a dedicated server and database. Client data is never shared with other clients unless specific consent is given. Each server is hardened, patched regularly with security updates, and isolated from external communications. Our cloud is unreachable from outside, enforced by security groups (firewalls) and strict access control. In addition, within our network, servers are unreachable and isolated from each other, so that a breach cannot propagate to other servers. All transmissions to and from Joonko, including sign-on, are encrypted at 256-bit and sent through TLS 1.2 where applicable. In addition to encrypting external traffic to and from our cloud, Joonko encrypts all of its internal traffic.
Security controls at Amazon data centers are what set the industry standards. You can read more about it here. Heroku also employs security in their physical locations. Learn more about it here.
Joonko employees adhere to strict password protocols for all login credentials, using encrypted password management systems and multi-factor authentication. Employee permissions are continuously updated and adjusted, so when an employee’s job no longer involves data access, the employee’s access rights are immediately revoked. It’s illegal to conduct background checks for our employees in Israel. However, all employees with access to sensitive information are ex-military personnel who have undergone background checks and received military clearance during their service.