Yes. Jobin.cloud complies with the EU-US Privacy Shield Framework as set forth by the Department of Commerce which applies to the collection, use and retention of customer personal data from the European Union. In addition to that, Jobin's platform and data processor is also compliant with the even more restrictive General Data Protection Regulation (EU) 2016/679 (GDPR) protecting the privacy and management of personal data for all individual citizens of the European Union (EU) and the European Economic Area (EEA). For more information, please check here.
Jobin.cloud exclusively makes use of data centres in the European Union.
The data centres are operated by Google Cloud Platform (GCP). The services provided by GCP are, to name a few, ISO 27001, CSA STAR, and SOC 2 certified - see all. Jobin.cloud, as data controller, implements measures which meet the principles of "data protection by design and by default" as defined in Article 25 of GDPR.
For more information, please click here.
The safety of your data is our top priority.
We have taken security very seriously from the very start and keeping the platform dependable is Jobin's responsibility. Safety is paramount when our customers entrust their sensitive data into our care, so we'll do all that's possible to keep it secure.
Our facilities are deployed on safe cloud servers, equipped with all the needed certifications such as the ISO 27001 (Google Cloud).
Jobin guarantees an end-to-end encryption cycle where all interaction with servers happens over a Secure Sockets Layer (SSL) transmission. This platform's network resources use JWT tokens that only last for a few minutes and are constantly verified and refreshed by our servers before granting access to account data. Our robust network security system employs the latest encryption and intrusion detection/prevention technologies.
All the data you added into Jobin.cloud is exclusively yours.
Jobin.cloud simply helps you manage your data and business more efficiently.
If you ever decide to delete your Jobin.cloud account, all your data will also be removed.
You can extract and export your data from your Jobin.cloud account in minutes anytime you wish.
Jobin's computing infrastructure is provided by the Google Cloud Platform, the industry-leading security cloud services platform.
Google’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley. Access to these facilities is tightly controlled, monitored and secured by a series of measures including (but not limited to) biometric access, security alarm systems and round-the-clock security staff.
We have developed a secure multi-tier network environment on top of Kubernetes’ infrastructure to ensure that our applications and data are protected and always accessible. In addition to strong security controls, Jobin ensures that the data it collects remains available through full, daily backups, retained for 30 days and tested weekly.
Our production network is based on the Kubernetes cluster, designed with Google's accumulated experience in container orchestration. Kubernetes provides security in layers. The 4Cs of Cloud Native security are Cloud, Clusters, Containers, and Code. This layered approach augments the defense in depth computing approach to security, which is widely regarded as a best practice for securing software systems.
Only authorized employees have access to our production infrastructure, and passwords are strictly regulated. We limit access to customer data to the employees who need it to provide support and troubleshooting on our customer's behalf. Accessing customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.
We employ secure coding practices and ensure protection against the OWASP Top 10. Application Security within Jobin was, since the beginning, integrated into the development life-cycle and we undergo frequent white-box security assessments to catch any security issues.
Our application is protected against all the following checks:
Communication between Users and our servers is encrypted with 128-bit SSL / TLS encryption and all communications are sent over HTTPS link.
All authentication controls are enforced by the server side and all User passwords are securely hashed.
All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission.
It’s impossible for users to view data from organizations and work-groups other than their own.
The server logs all successful and failed authentications, automatically blocking access after too many failed logins. Password reset, change email and other sensitive request are Authenticated.
Server side sessions will timeout on invalidation of authentication tokens. These tokens are stored in cookies with Secure & HttpOnly flags & limited domain and path attributes, expires at end of the session.