Frequently Asked Questions about Security

Where is Join hosted?

Join runs on the Amazon Web Service platform (AWS) and is compliant with the AWS security policy.

What information does Join collect?

The Join web application collects project information and some information about users that log into the application. The Join Privacy Policy explains in detail the information that is collected and how it is used.

What is Join’s policy on cyber incident awareness?

Join runs an internal cybersecurity employee awareness program led by the Join CISO. Risk and vulnerability assessments are conducted with every incremental code review. In the event of a cyber incident, Join will notify our customers within five (5) business days or less upon being made aware of a cyber incident.

How does Join handle access control?

Join uses a third-party authentication provider (Auth0) for access control and enforcing pre-authentication risk checks. The system identifies users and data access is limited by a Role-Based Access Control layer. Join retains logs for end-user authentication for two (2) days for user login and seven (7) days for user actions ensuring the actions of individual users can be uniquely traced.

How does Join protect data at rest or in transit?

Join encrypts all data at rest and utilizes TLS for all data-center to client-side communications. 

Does Join support Single Sign-on?

Join does not currently support SSO, LDAP, or Azure AD integration.

Is Join GDPR compliant?

Although Join has designed its Privacy Policy to align with both GDPR and CCPA, it does not currently offer its product as a service in the EU/EEA nor does it target companies or residents of the EU/EEA. For these reasons, GDPR does not apply to Join at this point in time. If you are considering using Join for a project that has an EU/EEA affiliation or clientele, please notify us in advance so that we can convey a timeline for when Join will be ready to accommodate this scenario.

What is Join's data backup strategy?

The Join data storage strategy was designed for a high level of availability and substantial disaster protection. There are two types of data in Join: relational data which is stored in a SQL database (most data) and blob storage (uploaded images, etc.) are stored in AWS Storage Service (S3). The SQL database is backed up daily, and the restoration process is exercised at least weekly to ensure that it functions properly. Join retains these backups for seven (7) days. S3 provides replication across multiple data centers to ensure availability in case of failure or data center loss.