Our Security and Privacy Practices
Trust is one of JNCTN’s key pillars. Excellent security and privacy practices are crucial to build trust, and we strive to achieve this by continuously training people, developing sound processes and integrating security and privacy into our products from the ground up.
We take privacy extremely seriously. We only collect the personal information we need, protect it carefully throughout its lifecycle, process it only for the purposes that have been approved, and discard it when it is no longer required. Our platform privacy statement and website privacy statement give more details about the data we hold and your rights over it.
Our platform is designed to offer excellent privacy for individuals, putting them in control of their data, what they are sharing and with whom.
Data is always encrypted at rest and in transit. JNCTN accounts can be protected with multi-factor authentication (MFA). Access is monitored 24/7 and any suspicious activity is investigated promptly.
Our platform offers role-based access control (RBAC), giving granularity and allowing organisations to implement key security principles, such as the principle of least-privilege.
The JNCTN platform is cloud-only, built as code, and designed to be secure from the ground up using serverless technology, in line with the Microsoft Azure Well-Architected Framework. All resources in our infrastructure are protected and monitored by Microsoft's tools, such as Azure Defender (now Microsoft Defender for Cloud).
Access controls are paramount in cloud-based environments. We use dedicated accounts protected with phishing-resistant multi-factor authentication (MFA) to access the production environments. We also apply additional controls to secure access, such as conditional access and rate limiting, together with other risk indicators.
JNCTN implements encryption in transit (HTTPS using TLS 1.2 or later) and at rest for all data (typically AES-based), using strong encryption and disabling all deprecated protocols and cipher suites so that the strongest available protection is always in use.
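The "TLS 1.2 or later, deprecated protocols disabled" bar described above is something any connecting client can also enforce and check on its own side. The following is an added illustration, not JNCTN's code and not a description of how the JNCTN platform is configured: it builds a hardened TLS client context with Python's standard ssl module, a deliberately weakened one (constructed only for the demonstration), and a small audit that reports any setting below that bar. The cipher-string choice and the list of weak-cipher name fragments are this example's own assumptions about what "deprecated" means, not a standard the page cites.

```python
"""Client-side TLS policy: a hardened context beside a weakened one, plus an
audit that flags anything below the "TLS 1.2+, no deprecated protocols" bar.
Added example; assumes CPython 3.7+ with an OpenSSL 1.1.1+ backed ssl module."""
import ssl
from typing import List

MIN_TLS = ssl.TLSVersion.TLSv1_2

# Cipher-name fragments that should never appear in an offered suite
# (assumed deny-list for this example, not a standard the page cites).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT")


def hardened_client_context() -> ssl.SSLContext:
    """Context that speaks TLS 1.2+ only, verifies the peer certificate and
    hostname, and disables TLS compression and renegotiation."""
    ctx = ssl.create_default_context()   # system trust store, CERT_REQUIRED
    ctx.minimum_version = MIN_TLS        # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.options |= ssl.OP_NO_COMPRESSION                   # CRIME needs TLS compression
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)  # absent on old OpenSSL
    # TLS 1.2 suites: forward-secret AEAD only. OpenSSL governs the TLS 1.3
    # suites separately, and all of those are AEAD already.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!PSK:!SRP:!MD5:!RC4:!3DES")
    return ctx


def weakened_demo_context() -> ssl.SSLContext:
    """Deliberately misconfigured context, constructed only to exercise the audit."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE      # accepts any certificate: trivially MITM-able
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # offer deprecated TLS 1.0
    except ValueError:
        pass  # OpenSSL built without TLS 1.0 support; the other findings still apply
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of human-readable findings; an empty list means the context
    meets the TLS 1.2+ / verified-peer / no-weak-cipher policy."""
    findings = []
    if ctx.minimum_version < MIN_TLS:
        findings.append(
            f"minimum TLS version {ctx.minimum_version.name} is below TLSv1_2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate verification is disabled (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname verification is disabled (check_hostname=False)")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled (OP_NO_COMPRESSION unset)")
    for suite in ctx.get_ciphers():       # covers TLS 1.2 and TLS 1.3 suites
        name = suite["name"]
        if any(marker in name for marker in WEAK_CIPHER_MARKERS) or suite["strength_bits"] < 128:
            findings.append(f"weak cipher suite offered: {name}")
    return findings


if __name__ == "__main__":
    print("hardened :", audit_context(hardened_client_context()) or "no findings")
    for finding in audit_context(weakened_demo_context()):
        print("weakened :", finding)
```

Running the script prints no findings for the hardened context and one line per problem for the weakened one. The same audit can be pointed at any SSLContext an application builds, which is a cheap way to catch a library or framework that silently lowers the minimum version or turns off verification.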
All actions are logged and evaluated by Azure’s security tools. Our security operations centre (SOC) monitors our environments 24/7 and any suspicious activity will be immediately triaged and investigated.
Services run from multiple locations to ensure high availability and redundancy in case of a failure. Data is stored on redundant storage, in redundant locations, and is backed up regularly. It is only stored in SOC 2 compliant Azure data centres.
JNCTN leverages the power of Microsoft Azure to ensure elevated levels of security and redundancy. We use firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing or storing data.
All operations staff use workstations secured with Microsoft Defender Advanced Threat Protection (now Microsoft Defender for Endpoint), with remote access controlled by MFA, conditional access, and Privileged Identity Management (PIM). They can securely monitor and maintain the environment 24/7, from any location.
JNCTN can operate in a decentralised fashion, with all staff able to work securely from home or another office, as and when required. We have tested business continuity plans covering key scenarios such as infrastructure outages and natural disasters.
We continuously monitor our code, infrastructure and services for known vulnerabilities. We also commission independent third-party penetration tests at least every 12 months. This allows us to stay ahead and continue to improve our platform security. We also encourage responsible disclosure: we take all reports extremely seriously and will endeavour to fix reported issues promptly.
Our DevOps teams adhere to our Secure Systems Development Life Cycle (SSDLC), ensuring that security is incorporated from the inception of a new project and continued throughout the entire life of the system. Our Secure SDLC promotes good practices such as those published by OWASP and aims to offer rapid feedback through automated security testing. All changes must go through our change control and quality assurance processes, and pass our security checks, before being deployed to production environments.
JNCTN strives to meet and exceed industry and government good practice. For example, we follow the requirements of the Azure Security Benchmark (technology), OWASP (development) and ISO/IEC 27001:2013 (governance and compliance). We meet the requirements of the New Zealand Privacy Act 2020 and other relevant New Zealand laws. We also abide by the European General Data Protection Regulation (GDPR). JNCTN also follows advice and guidance from the relevant government agencies, such as New Zealand's CERT NZ and National Cyber Security Centre (NCSC), the US Cybersecurity & Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC).