Security

Customer confidence is our first priority, so we make significant efforts to protect all your data and handle it securely.

Process Excellence and Infrastructure

When security events are reported, they are escalated to our management team so the event can be addressed rapidly. After the event is handled, our team identifies the source of the problem and re-engineers our processes to prevent such events from happening again. In addition, as we typically deploy code a number of times a day, we are confident about resolving a security issue when it is identified.

In terms of infrastructure, all of our services run in the cloud. Juven does not run its own routers, load balancers, DNS servers, or physical servers. Most of our services and data are hosted in Amazon Web Services (AWS) facilities in Singapore.

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network. Juven uses MongoDB’s MMS backup solution for datastores that contain customer data.

Data

All customer data is stored in Singapore.

Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customer's data.

Data Transfer

All data sent to or from Juven is encrypted in transit using 256-bit encryption.

Our API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Authentication

Juven is served 100% over HTTPS. Juven runs a zero-trust corporate network.

There are no corporate resources or additional privileges from being on Juven’s network.

We have two-factor authentication (2FA) and strong password policies on GitHub, Google, AWS, MongoDB and Juven to ensure access to cloud services is protected.

Application Monitoring

On an application level, we produce audit logs for all activity, ship logs to Logentries for analysis, and use S3/Glacier for archival purposes.

All access to Juven applications is logged and audited.

Bastion hosts are used to log in to devices.

All actions taken on production consoles or in the Juven application are logged.

Compliance

Juven Limited complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.

PCI Obligations

Juven is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe.