Security & trust
Built to pass your security review.
Answers come only from sources your admins approve, with encryption in transit and at rest and audit logging on top. This page lays it out the way your IT team will want to review it.
In Progress means exactly that. We'll say certified when we are, not before.
Our security promise. Four commitments that guide how we handle your data.
Your data is yours
You own your data. We never sell it, share it for anyone else's benefit, or use it for anything you haven't authorized.
Your data doesn't train AI models
What you upload stays your property and never becomes training data, for our models or anyone else's.
Encryption everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your information is protected whether it's moving or stored.
Transparent practices
Our security practices are written down in plain language, and you can read them before you commit.
AI safety and governance. the controls that decide what the AI can say and who gets to check its work.
Grounded in your data
Answers are grounded in the content you upload and approve. Every response traces back to a source document you control.
Citations you can verify
Every AI answer includes citations pointing to the exact source. Users can verify information rather than blindly trusting AI output.
No model training on your data
Your content is never used to train AI models. The queries and answers in your JoySuite stay in your JoySuite.
Content guardrails
Built-in moderation keeps generated content on topic and appropriate, with boundaries your admins set.
Audit trails
Every interaction is logged, including the question, the answer, and the sources used, so compliance reviews get the full picture.
Human oversight
Admins can review responses, flag problems, and tune the system over time. The AI assists; people stay in charge.
Security in depth. Four layers of protection, from the infrastructure underneath to who can access what.
Infrastructure Security
JoySuite runs on major cloud infrastructure with several layers of protection underneath it.
- Hosted on AWS with ISO 27001 and SOC 2 certified data centers
- Multi-region redundancy for high availability
- DDoS protection and web application firewall
- Continuous vulnerability scanning and penetration testing
- 24/7 infrastructure monitoring and alerting
Application Security
Security decisions are part of how the application is built, reviewed, and shipped.
- Secure development lifecycle with code review and testing
- Relationship-based Access Controls (ReBAC) with granular permissions
- Session management with automatic timeout
- Audit logging for all administrative actions
- Regular third-party security assessments
Data Protection
Your data is protected at every stage: upload, processing, storage, and retrieval.
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for all data at rest
- Logical and physical tenant isolation options
- Automated backups with point-in-time recovery
- Data retention policies you control
Access Control
Control who sees what with the identity and access tools your IT team already expects.
- Single Sign-On (SSO) support for enterprise identity providers
- Multi-factor authentication (MFA) available
- Granular permission controls for content and features
- IP allowlisting for additional access control
- Automatic account lockout after failed attempts
Your content never trains AI models.
What you upload stays yours. Answers are grounded in the sources you approve (not the open web), and every one carries a citation your team can check.
Certifications and compliance. We're pursuing the security and compliance certifications your organization requires.
SOC 2 Type II
Audited security controls
In ProgressGDPR
EU data protection
In ProgressHIPAA
Healthcare data ready
In ProgressISO 27001
Information security management
In ProgressQuestions about security? Our security team is happy to discuss your specific requirements and answer any questions.
Request security documentation →Keep reviewing. the two pages IT teams usually read next.
Works with your LMS
How the assistant embeds inside the LMS you already run: server-verified identity, no migration, nothing replaced.
See the integration →Connector library
Browse the connector library: read-only by default, with write access only where your IT team explicitly approves it.
Browse the library →Have your security team talk to ours.
Bring the questionnaire, the data-handling requirements, and the hard questions. We'd rather answer them before you commit than after.