System Security
We solemnly swear to be... working on it. Constantly. 😅
Security standards are constantly evolving. We are committed to regularly updating our practices and policies to reflect the latest standards and best practices in data protection to best protect your information.
Data Security
- We encrypt all data using industry-standard encryption both in transit (TLS 1.2 or higher) and at rest (AES-256) to protect against unauthorized access.
- We implement strict access controls to ensure that only authorized personnel have access to sensitive data, and we regularly review and update these controls to maintain the highest level of security.
- We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
- Data erasure takes place within 24 hours of the deletion of a Junga profile.
- Access monitoring and logging are in place to detect and respond to any unauthorized access attempts or suspicious activities. Access to high-priority systems is restricted to managers or application owners.
- Data backups are performed every 24 hours and retained for 7 days to ensure data integrity and availability in the event of a security incident or data loss. Backups are encrypted at rest, ensuring their security and confidentiality.
Application Security
- We follow secure coding practices and conduct regular code reviews to identify and address potential vulnerabilities, both during development on an engineer's workstation and in real time in our production environment.
- Junga utilizes a software development lifecycle that incorporates performance, security, and reliability testing at multiple stages of development to ensure a robust and secure application.
- Our application leverages proprietary version controls which allow us to rapidly iterate and transition between versions in response to software bugs or security vulnerabilities.
- We utilize a Web Application Firewall (WAF) to protect against common web application attacks such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. The WAF is configured to monitor and filter incoming traffic, blocking any malicious requests that may pose a threat to the security of our application.
- We regularly scan our application to find vulnerabilities and to identify opportunities to harden our defenses against potential threats. We utilize a combination of automated tools and manual testing to ensure that our application is secure and resilient against attacks.
Access Control
- Data access to Junga is highly restricted. We limit access to only those who need it to perform their jobs, such as engineers, product managers, and support staff.
- Password security is enforced for all accounts with access to Junga systems, which includes the use of strong passwords to prevent unauthorized access.
Infrastructure Security
- 24-hour status monitoring is in place to ensure the health and security of our infrastructure, allowing us to quickly identify and respond to any potential issues or threats. Monitoring is implemented through AWS CloudWatch and includes alerts for any unusual activity or performance issues, allowing us to proactively address potential security incidents and maintain the integrity of our infrastructure.
- Amazon Web Services (AWS) is our cloud service provider, and we utilize their secure infrastructure to host our application and data. AWS provides a range of security features and services that help us protect our infrastructure and data, including network security, access control, encryption, and monitoring.
- We leverage AWS Identity and Access Management (IAM) to manage access to our AWS resources, ensuring that only authorized personnel have access to sensitive data and systems. IAM allows us to create and manage user accounts, assign permissions, and enforce security policies to protect our infrastructure and data.
- Our infrastructure originates from the AWS US-East-1 region in Virginia, USA.
- We leverage a zero-trust approach to infrastructure security, which means that we do not automatically trust any user or system, even if they are within our network. Instead, we require strict authentication and authorization for all access to our infrastructure and data, regardless of the source or location of the request.
Network Security
- Our AWS infrastructure is protected by a Virtual Private Cloud (VPC) that provides network isolation and security controls to protect against unauthorized access and potential threats. The VPC is configured with subnets, security groups, and network access control lists (ACLs) to ensure that only authorized traffic can access our infrastructure.
- Our email communications are protected by AWS Simple Email Service (SES), and include SPF, DKIM, and DMARC records to help prevent email spoofing and phishing attacks. These email authentication protocols help ensure that our emails are delivered securely and that our users can trust the communications they receive from us.
- Our Web Application Firewall (WAF) filters incoming traffic to protect against common web application attacks such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. The WAF is configured to monitor and filter incoming traffic, blocking any malicious requests that may pose a threat to the security of our application.







