Journey Security
Overview
At Journey, we take security seriously. Our platform is designed to protect your data, safeguard your privacy, and ensure that our infrastructure remains resilient against threats. Below is an overview of the key security measures we’ve implemented to keep your information safe.
Data Encryption
- Encryption in Transit: All data transmitted between clients and The Journey Platform is encrypted using TLS 1.2 or higher. This ensures that data remains protected while being transferred over networks.
- Encryption at Rest: Data stored in The Journey Platform’s databases is encrypted using AES-256 encryption. Backup data is also encrypted using the same standard to ensure complete data protection.
Access Control Measures
Incident Response and Reporting
- Incident Response Plan: The Journey Platform has an incident response plan in place for detecting, responding to, and mitigating security incidents. This plan includes identification, containment, eradication, recovery, and post-incident activities such as reporting and a lessons-learned review.
- Reporting Security Incidents: Any identified security incidents will be reported to the appropriate stakeholders and affected parties within 24 hours. Enterprises will be promptly notified of any security breaches that may impact their data.
- Monitoring and Detection: We employ continuous monitoring using AWS services and other monitoring tools to identify suspicious activities, anomalies, or potential breaches in real time.
Data Integrity and Backup
- Data Integrity: We utilize checksum verification processes and regular data validation to ensure data integrity across the platform. Any discrepancies or corruptions are flagged and resolved through automated processes or manual review.
- Backup and Redundancy: Data is backed up, and the backups are stored in multiple geographically distributed locations to ensure data availability and disaster recovery capabilities. Redundant systems are in place to minimize downtime in the event of hardware failures.
- Disaster Recovery: The Journey Platform has a documented disaster recovery plan that ensures business continuity in the event of system failures, with a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 24 hours.
Vendor Management and Third-Party Risk
- Third-Party Assessments: The Journey Platform performs regular assessments of third-party vendors to ensure they comply with our security standards. This includes reviewing their SOC2 and ISO certifications where applicable.
- Data Sharing: Any data shared with third-party vendors is encrypted and shared only for purposes necessary to provide our services. Vendor contracts include data protection agreements to ensure data is handled securely.
Compliance with Security Standards
- SOC2 Compliance: The Journey Platform is SOC2 compliant. We use automated security and compliance tools provided by Vanta to ensure adherence to the highest security standards.
- ISO 27001: We align with ISO 27001 practices to ensure a comprehensive information security management system (ISMS) is in place. This includes regular risk assessments, audits, and continuous improvement processes.
Vulnerability Management
- Regular Security Audits: The Journey Platform conducts regular security audits, including penetration testing and vulnerability scanning, to identify potential risks. Any vulnerabilities identified are promptly patched according to a documented patch management process.
- Bug Bounty Program: We have a bug bounty program in place to encourage security researchers to responsibly disclose any vulnerabilities they identify in our platform.
Employee Security Awareness
- Training Programs: All employees undergo regular security awareness training, which includes topics such as phishing awareness, data protection, and incident response protocols.
- Confidentiality Agreements: All employees sign confidentiality and non-disclosure agreements (NDAs) upon hiring to protect the integrity and confidentiality of client data.
Infrastructure Security
Our platform is hosted on Amazon Web Services (AWS), which provides robust physical security and environmental controls. We leverage AWS’s infrastructure to implement:
- Virtual Private Cloud (VPC) for network segregation.
- Regular vulnerability assessments and penetration testing.
Data Retention
Upon termination of the customer contract, The Journey Platform ensures that all customer data will be securely destroyed or removed in accordance with industry best practices and applicable legal requirements.
Timeline for Data Deletion
- Upon Contract Termination: Customer data will be retained for a grace period of 14 days post-termination to allow for potential recovery or export of data, as per customer request.
- Permanent Deletion: After the grace period, all customer data will be permanently deleted from active systems, databases, and backups, ensuring that no personally identifiable information (PII) or sensitive data remains.
Data Deletion Process
- Active Systems: Data stored in active systems will be securely deleted using cryptographic erasure techniques or equivalent methods to ensure that the data is irrecoverable.
- Backups: Any customer data residing in backup systems will be retained for 30 days post-termination and subsequently deleted through a secure deletion process, ensuring compliance with our retention policies.
- Customer Notification: Customers will receive a confirmation once the deletion process is complete, providing assurance that all data has been removed in line with our policy.
Security Reviews and Updates
- Annual Security Reviews: We conduct annual reviews of our security policies, procedures, and practices to ensure they remain aligned with industry standards and evolving threats. These reviews also incorporate feedback from third-party security audits.
- Continuous Improvement: The Journey Platform is committed to continuously improving our security practices and infrastructure based on the results of internal audits, external assessments, and customer feedback.
Responsible Disclosure
If you believe you’ve discovered a security vulnerability on our platform, please contact our security team at security@thejourneyplatform.com. We encourage responsible disclosure and work promptly to address all reported vulnerabilities.
Contact Information
For any security-related questions or concerns, please reach out to our security team at security@thejourneyplatform.com.
Last updated: Sep, 2024.