The confidentiality of the data entrusted to us by our users is at the heart of our activity

Indeed, our core business is toxicity, i.e. human resources issues focused on a certain type of discomfort ranging from simple inconvenience to real suffering (in case of harassment or discrimination).

All of this information is deeply personal, and some is health-related.

Hence the data security/cyber security and privacy policy commitments included in our terms of use.

Security

1. Data Security and Cyber Security

JustEase commits to following the industry's highest standards in this matter. This commitment entails:

Using specialized sub-processors, such as Sendgrid, Cloudflare, Sentry, in addition to AWS and AWS security,

Vetting and regularly re-evaluating each sub-processor's security against the industry's highest standards,

Publishing to Cloud Security Alliance (CSA)'s Security, Trust, Assurance, and Risk (STAR) registry (Level 1), to show our customers our security and compliance posture, including the regulations, standards, and frameworks we adhere to.

Authentication and encryption

Your employees' statements in our app about toxic behavior can be extremely personal.

All data is encrypted both during transit (TLS) and at rest using AES-256.

Administrators can access our dashboards only with two-factor authentication (TOTP), with optional single sign-on (SSO).

Security Testing

We use a third-party security firm to run penetration tests on a regular basis. The results do not remain a dead letter: they lead to priority changes.

We also run recurring automated vulnerability scans on our infrastructure. We scan our code repository for vulnerable dependencies on code changes, and can therefore fix them at the onset.

Hosting, ISO 27001 and SOC 2

We use AWS (Amazon Web Services), with its high standard of uptime, reliability and data protection.

We want our servers to be located in Europe (Ireland, London, Paris) rather than in the United States, to protect your data from an invasive legal investigation. The infrastructure provided by AWS is ISO 27001 and SOC 2 certified.

AWS's physical access protection for its data centers is well known, including professional security staff, video surveillance, intrusion detection systems, biometric locks, etc. (see AWS Security and AWS Compliance).

2. Disaster Recovery and Business Continuity

Data storage and removal

Our data is backed up automatically every hour, and backups are retained for 7 days. All backups are stored on encrypted storage, on our AWS servers in Europe, with access limited to the extreme.

Log data is stored for 90 days, but it doesn’t contain any personal data.

3. Privacy Policy

The privacy policy commitments included in our terms of use will fully comply with the law, but will also go further. They will:

  • comply with the privacy provisions of the GDPR, CCPA and HIPAA;
  • go the extra mile, including strict protection of anonymity for senders of anonymized toxicity reports to colleagues and anonymized toxicity reports to human resources.

Not only will we bring in expert legal counsel on these issues, but we will actively seek input from our customers.