Security POLICY

We take security seriously. Put your mind at ease knowing that we are doing everything we can to keep you and your information safe. Data that goes through our products is always encrypted in transit and at rest. That’s an extra layer of security at every point in your data’s journey. 

We take privacy seriously. We never record any sensitive information like usernames, channel names or conversations. We only store the bare minimum information needed for us to help you grow and manage your Discord communities.

Additionally, we have never and will never sell or grant access to your data to anyone for any reason.

‍

All employees, contractors, similar actors, systems and integrations are required to follow the stated protocols below.

• Non-disclosure.

Employees will not get access to data without signing and agreeing to our full company policy.

• The principle of least access or least privilege

Only employees that need access to specific information and data in order to perform their daily tasks will be granted access. Never because of temporary need or convenience.

• An obligation to report incidents

We provide our employees with a secure and accountable security incident reporting process. All employees, contractors and similar actors are required to report any security related issue or perceived security issues within 1 business day and ideally immediately.

• Common sense practices

Employees, contractors or similar actors must take common steps to help contribute to the company security policy. Things like:

- Lock their computers and devices when away

- Maintain best practice standards for passwords

- No device or account sharing

- No sensitive information discussions in insecure/public environments

- Take basic security training

- Report lost or stolen devices

• Password Protection

All access to company accounts and information must be password protected and always with 2FA when available.

• Secure Communications

Any communications, internal or external, must be encrypted at all times and should never directly contain sensitive information

• Secure Transmission

Transmissions of sensitive information must be encrypted at all times. This includes emails, instant messages, integrations, and API requests.

• Secure Storage

Storage of sensitive information must be encrypted at all times. This includes external devices such as USB sticks and mobile devices.

• Secure networks and operating systems

Employees, contractors or similar actors must run Operating Systems updates once per week or more frequently. They must have reputable anti-virus and network security software. Firewalls must be in place and should not permit inbound access.

• Embracing Security

Employees, contractors or similar actors must recognize security is a company wide responsibility, be honest and transparent about potential incidents, and must not get lazy or complacent with adhering to the most recent standards and guidelines.

‍

If you have any questions about our security policy or want to see our full company policy, please email us at contact@joyn.gg