Our Commitment to Security

Organizational Security

This page outlines the security measures and practices implemented in the JeniusCC platform to protect customer data and ensure system integrity.

Information Security Program

We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows industry best practices and security standards. The program is designed to protect customer data, maintain system integrity, and ensure continuous security monitoring.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security and compliance controls. We maintain regular security reviews and assessments to ensure our security posture remains robust.

Roles and Responsibilities

Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all security policies. The system implements role-based access control with the following roles:

User: Basic access to platform features
Manager: Enhanced access for team management
Admin: Administrative access for organization management
Super Admin: Full system access and management capabilities

Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

Confidentiality

All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.

Background Checks

We perform background checks on all new team members in accordance with local laws.

Cloud Security

Cloud Infrastructure Security

All of our services are hosted on Vercel with additional cloud services from Amazon Web Services (AWS). Our infrastructure employs robust security measures including:

Vercel Platform: Provides enterprise-grade security with automatic HTTPS, DDoS protection, and global CDN
AWS S3: Secure file storage with encryption at rest and in transit
AWS IAM: Role-based access control for cloud resources
MongoDB Atlas: Managed database service with built-in security features

For more information on our provider’s security processes, please visit:

Data Hosting Security

All of our data is hosted on MongoDB Atlas databases with additional file storage on AWS S3. These databases are located in the US-EAST-2. Our database schema includes comprehensive access controls, data encryption, and audit logging.

Encryption at Rest

All databases are encrypted at rest using industry-standard encryption algorithms. MongoDB Atlas provides automatic encryption of data at rest using AES-256 encryption.

Encryption in Transit

Our applications encrypt data in transit with TLS/SSL only. All API communications, database connections, and file transfers use encrypted protocols.

Vulnerability Scanning

We perform vulnerability scanning and actively monitor for threats. Our security monitoring includes:

Automated dependency scanning for known vulnerabilities
Regular security audits of our codebase
Continuous monitoring of security advisories for our technology stack

Logging and Monitoring

We actively monitor and log various cloud services through multiple monitoring systems:

Sentry: Error tracking and performance monitoring across all applications
PostHog: User analytics and behavior monitoring
Custom logging: Application-specific security and audit logs
AWS CloudWatch: Infrastructure and service monitoring
Vercel Observability: Real-time infrastructure monitoring

Business Continuity and Disaster Recovery

We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users. Our disaster recovery plan includes:

Automated daily backups of all critical data
Point-in-time backups and recovery for the database
Geographic redundancy for high availability
Automated failover procedures

Access Security

Permissions and Authentication

Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role. Our authentication system includes:

Better Auth: Modern authentication framework with secure session management
Role-based access control: Granular permissions based on user roles
Session management: Secure session handling with automatic expiration
Rate limiting: Protection against brute force attacks

Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.

Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management. Users are granted only the minimum permissions necessary to perform their job functions.

Password Requirements

All team members are required to adhere to a minimum set of password requirements and complexity for access. Our password policy includes:

Minimum length requirements
Complexity requirements (uppercase, lowercase, numbers, special characters)
Regular password rotation
Prevention of password reuse

Password Managers

All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.

Data Protection and Privacy

Data Classification

Our system handles various types of data with appropriate security measures:

User Data: Personal information, authentication credentials, preferences
Organization Data: Company information, member lists, settings
Content Data: Chat messages, files, documents, quiz responses
Analytics Data: Usage statistics and performance metrics

Data Retention

We implement appropriate data retention policies:

User data is retained according to our privacy policy
Deleted data is securely removed from our systems
Backup data is retained for disaster recovery purposes only

Data Processing

All data processing follows security best practices:

Input validation and sanitization
SQL injection prevention through parameterized queries
XSS protection through proper output encoding
CSRF protection on all state-changing operations

Application Security

Code Security

Our development process includes multiple security measures:

TypeScript: Static type checking to prevent runtime errors
ESLint: Code quality and security linting
Dependency scanning: Regular updates and vulnerability scanning
Code reviews: All changes require security review

API Security

Our APIs implement comprehensive security measures:

Authentication: All API endpoints require valid authentication
Authorization: Role-based access control for all resources
Rate limiting: Protection against abuse and DDoS attacks
Input validation: Comprehensive validation of all inputs
Error handling: Secure error responses that don’t leak sensitive information

File Security

File uploads and storage are secured through:

AWS S3: Secure cloud storage with encryption
File type validation: Prevention of malicious file uploads
Access control: Signed URLs for secure file access
Virus scanning: Automated scanning of uploaded files

Technology Stack Security

Frontend Security

Our React/Next.js applications implement security best practices:

Content Security Policy: Protection against XSS attacks
HTTPS enforcement: All communications encrypted
Secure cookies: HttpOnly and Secure flags on all cookies
Input sanitization: Prevention of injection attacks

Backend Security

Our Node.js/TypeScript backend includes:

Authentication middleware: Secure session validation
Authorization checks: Role-based access control
Input validation: Comprehensive request validation
Error handling: Secure error responses

Database Security

Our MongoDB database is secured through:

Connection encryption: TLS for all database connections
Access control: Role-based database permissions
Audit logging: Comprehensive activity logging
Backup encryption: Encrypted database backups

Monitoring and Incident Response

Security Monitoring

We maintain comprehensive security monitoring:

Real-time alerting: Immediate notification of security events
Log analysis: Automated analysis of security logs
Threat detection: Advanced threat detection capabilities
Performance monitoring: Continuous system health monitoring

Incident Response Process

Our incident response process includes:

Detection: Automated and manual detection of security incidents
Analysis: Rapid assessment of incident scope and impact
Containment: Immediate steps to limit incident impact
Eradication: Complete removal of threat from systems
Recovery: Restoration of affected systems and services
Lessons Learned: Post-incident analysis and process improvement

Compliance and Certifications

Data Protection Compliance

We maintain compliance with relevant data protection regulations:

GDPR: European data protection compliance
CCPA: California consumer privacy compliance
Industry standards: SOC 2, ISO 27001 alignment

Security Certifications

Our platform and processes align with industry security standards:

OWASP Top 10: Protection against common web vulnerabilities
NIST Cybersecurity Framework: Comprehensive security controls
Cloud Security Alliance: Cloud security best practices

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@janek.com.

For general support inquiries, please contact info@janek.com.

Sales Training

Skills

Sales Enablement Tools

Sales Training Overview

Sales Training Overview

Related links

Blog: The Science of Learning Sales

Sales Training Delivery

Sales Training Delivery Options

Related links

What Type of Sales Training is Right For Your Team?

Critical Selling® Skills

Critical Selling® Skills

Related links

Blog Post: The Essence of Sales Training

Critical TeleSelling® Skills

Critical Teleselling® Skills

Related links

Blog: Getting Off the Emotional Rollercoaster of Selling

Critical Prospecting™ Skills

Critical Prospecting™ Skills

Related links

White Paper: How Successful Sales Teams Build Pipeline and Achieve Quota

Critical Service & Sales™ Skills

Critical Service & Sales™ Skills

Related links

Blog: Defining the Customer Journey

Winning at Trade Shows™

Winning at Trade Shows™

Related links

Blog: How to Navigate Sales and Trade Show Post-COVID

Critical Account Planning™

Critical Account Planning™

Related links

Blog: How to Build Stronger Relationships in Account Planning

Critical Negotiation™ Skills

Critical Negotiation™ Skills

Related links

White Paper: The Ultimate Guide to Sales Negotiations

Selling Virtually™

Selling™ Virtually

Related links

Video: Selling Virtually

Selling to the C-Suite™

Selling to the C-Suite™

Related links

Blog: How to Influence the C-Suite

Strategic Storytelling™ Skills

Strategic Storytelling™ Skills

Related links

Podcast: Storytelling Drives Connections That Result in Sales

Critical Sales Presentation™ Skills

Critical Sales Presentation™ Skills

Related links

Blog: 5 Tips to Craft Winning Sales Presentations

Critical Sales Coaching™ Skills

Critical Sales Coaching™ Skills

Related links

Blog: Is Coaching Salespeople Different Than Managing Them?

TOPS® Reinforcement & Coaching

TOPS® Reinforcement & Coaching

Related links

White Paper: How to Be a High-Performing Sales Leader in Today's Marketplace

Janek Xpert™

Janek Xpert™

Related links

Why Sales Training Reinforcement is Critical for Your Organization

Jenius

Jenius

Related links

Navigating the AI Revolution in Sales

Janek OnDemand

Janek OnDemand

Related links

The Science of Learning Sales

Sales Tech

Jenius

Jenius

Related links

Looking to gain a competitive sales advantage? Talk to us about our award-winning training, coaching, and consulting solutions.