Privacy Policy
Effective on February 22, 2021 and updated on November 27, 2024
Introduction
At JOPINC, we are committed to providing robust security measures to safeguard your business systems and user data. With the evolution of security laws globally, businesses must ensure the protection of their user and customer information through internal practices and those of their service providers. We understand the trust you place in us and aim to uphold the highest standards in data security to keep your information safe.
JOPINC is ISO 27001:2015 Certified.
This document outlines the multi-layered security strategies we employ to protect your data, offering the transparency needed for businesses to confidently evaluate JOPINC as their software vendor. Our approach to security is divided into two key categories:
- Internal Threats: These are risks related to unauthorized access, data export, or deletion by system users, such as disgruntled employees. We’ll explain the measures that help mitigate these risks.
- External Threats: These include attacks by hackers or other external actors trying to compromise your data. We employ strong IT policies and system administration practices to reduce these risks.
1. Policies & Certifications
JOPINC has comprehensive security and privacy policies, verified by both internal resources and third-party auditors.
ISO 27001:2013 Certified
We hold ISO/IEC 27001 certification, demonstrating our commitment to information security management best practices. Certification details are available upon request.
Third-Party Vulnerability & Penetration Testing
We regularly perform malware and vulnerability scans using specialized software. Malware scans are conducted daily, and network vulnerability scans are done weekly to identify and mitigate potential threats.
Data Ownership & Deletion Policy
Clients retain ownership of their data, and we provide a self-delete feature for easy deletion of all business-related data.
2. System & Network Infrastructure
JOPINC’s platform is built on a secure 3-tier architecture—web, application, and data storage—protected by AWS Cloud VPC Firewall. All communication between layers and external systems is encrypted via SSL.
2.1 Hosting Infrastructure
Our production environment is hosted on AWS infrastructure. Customers can select their preferred data storage location based on their country’s regulations. Data is never transferred between regions, ensuring consistent data security.
2.2 Disaster Recovery Capabilities
We maintain redundant storage and backup systems to ensure high availability of data, with regular backups. In case of a disaster, our recovery process can restore operations within a few hours.
2.3 Data Encryption
All data is encrypted in transit with 256-bit SSL encryption. Passwords are salted, hashed, and stored securely at rest.
2.4 Data Segmentation Between Clients
We employ sharded databases to segment data between clients. For enterprise customers, we offer fully segmented databases. Every record is tagged to a specific organization, ensuring complete data isolation.
3. Platform Security Features
User Authentication & SSO
JOPINC supports both standard email/password authentication and Single Sign-On (SSO) for enhanced security. Admins can manage password reset controls and enforce SSO for their users.
Session Management Controls
Session timeouts are configurable. For SSO users, we recommend synchronizing the session timeout with your SSO provider.
4. Role-Based Access Control
Our role-based access control (RBAC) system allows admins to set granular permissions for different user roles, ensuring appropriate access levels for each employee.
4.1 Data-Level Access
This feature restricts access to specific records, allowing managers to control who can view or edit individual items, based on roles.
4.2 Collaboration Security
Collaboration settings define how employees share emails, calendar events, and tasks, enabling businesses to keep sensitive information private or share it in a controlled manner.
4.3 Report & Action-Level Security
JOPINC allows businesses to control access to specific actions, such as report generation, data export, and record creation, based on user privileges.
4.4 Field-Level Security
Admins can control access to specific fields within records, ensuring users only see and edit the information they are authorized to manage.
4.5 Search Security
Search capabilities can be restricted based on user roles, limiting the potential for unauthorized data access.
For more information or to request a demo, please visit our website at www.getjop.com.