Security & trust

Built to pass your security review.

Answers come only from sources your admins approve, with encryption in transit and at rest and audit logging on top. This page lays it out the way your IT team will want to review it.

Where our certifications stand
SOC 2 Type II In Progress
ISO 27001 In Progress
GDPR In Progress
HIPAA In Progress
256-bit Encryption

In Progress means exactly that. We'll say certified when we are, not before.

Our security promise. Four commitments that guide how we handle your data.

01

Your data is yours

You own your data. We never sell it, share it for anyone else's benefit, or use it for anything you haven't authorized.

02

Your data doesn't train AI models

What you upload stays your property and never becomes training data, for our models or anyone else's.

03

Encryption everywhere

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your information is protected whether it's moving or stored.

04

Transparent practices

Our security practices are written down in plain language, and you can read them before you commit.

AI safety and governance. the controls that decide what the AI can say and who gets to check its work.

Grounded in your data

Answers are grounded in the content you upload and approve. Every response traces back to a source document you control.

Citations you can verify

Every AI answer includes citations pointing to the exact source. Users can verify information rather than blindly trusting AI output.

No model training on your data

Your content is never used to train AI models. The queries and answers in your JoySuite stay in your JoySuite.

Content guardrails

Built-in moderation keeps generated content on topic and appropriate, with boundaries your admins set.

Audit trails

Every interaction is logged, including the question, the answer, and the sources used, so compliance reviews get the full picture.

Human oversight

Admins can review responses, flag problems, and tune the system over time. The AI assists; people stay in charge.

Security in depth. Four layers of protection, from the infrastructure underneath to who can access what.

01

Infrastructure Security

JoySuite runs on major cloud infrastructure with several layers of protection underneath it.

  • Hosted on AWS with ISO 27001 and SOC 2 certified data centers
  • Multi-region redundancy for high availability
  • DDoS protection and web application firewall
  • Continuous vulnerability scanning and penetration testing
  • 24/7 infrastructure monitoring and alerting
02

Application Security

Security decisions are part of how the application is built, reviewed, and shipped.

  • Secure development lifecycle with code review and testing
  • Relationship-based Access Controls (ReBAC) with granular permissions
  • Session management with automatic timeout
  • Audit logging for all administrative actions
  • Regular third-party security assessments
03

Data Protection

Your data is protected at every stage: upload, processing, storage, and retrieval.

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Logical and physical tenant isolation options
  • Automated backups with point-in-time recovery
  • Data retention policies you control
04

Access Control

Control who sees what with the identity and access tools your IT team already expects.

  • Single Sign-On (SSO) support for enterprise identity providers
  • Multi-factor authentication (MFA) available
  • Granular permission controls for content and features
  • IP allowlisting for additional access control
  • Automatic account lockout after failed attempts

Your content never trains AI models.

What you upload stays yours. Answers are grounded in the sources you approve (not the open web), and every one carries a citation your team can check.

Certifications and compliance. We're pursuing the security and compliance certifications your organization requires.

SOC 2 Type II

Audited security controls

In Progress

GDPR

EU data protection

In Progress

HIPAA

Healthcare data ready

In Progress

ISO 27001

Information security management

In Progress

Questions about security? Our security team is happy to discuss your specific requirements and answer any questions.

Request security documentation →

Have your security team talk to ours.

Bring the questionnaire, the data-handling requirements, and the hard questions. We'd rather answer them before you commit than after.