Security

Juravie is built with security at its core. We understand that legal documents require the highest levels of protection.

Data Encryption

At Rest

All data is encrypted using AES-256 encryption. Encryption keys are managed through a dedicated key management service with automatic key rotation.

In Transit

All communications use TLS 1.2+ encryption. We enforce HTTPS for all connections.

Security Standards

Our security practices are aligned with industry-recognized frameworks. While we do not currently hold formal certifications, our controls are designed following the principles of these standards:

SOC 2 Principles

Our security controls follow SOC 2 Trust Service Criteria covering security, availability, and confidentiality

ISO 27001 Principles

Our information security management practices are aligned with ISO 27001 control objectives

Tenant Data Isolation

Unlike many SaaS platforms that use shared databases with logical separation, Juravie provides dedicated database isolation for every customer:

  • Dedicated Database Per Customer

    Each customer's data is stored in a completely separate, isolated database. No data is shared or commingled between customers at the database level.

  • Isolated File Storage

    Each customer's documents are stored in a dedicated, isolated storage container with no shared access.

  • Enforced at Runtime

    Tenant isolation is enforced programmatically at the application level, preventing accidental cross-tenant data access.

Infrastructure Security

  • Data Region Selection

    Choose where your data is stored: Australia (Sydney) or United States (Virginia). Your data stays in your selected region.

  • Automated Backups

    Automated daily backups with point-in-time recovery capabilities within a 7-day window.

  • DDoS Protection

    Built-in protection against distributed denial of service attacks.

Access Controls

  • Role-Based Access Control

    Granular permissions at document and feature level with Admin, Manager, and User roles.

  • SSO Integration

    Enterprise-grade authentication. Enterprise customers can integrate with existing identity providers.

  • Audit Logging

    Complete activity logs covering all data access, modifications, and AI interactions, retained for 7 years.

Geographic Access Controls

To enforce data sovereignty requirements, access to the Service is restricted by geographic location using infrastructure-level controls:

  • WAF Geo-Restriction

    Web Application Firewall rules enforce country-level access restrictions. Requests originating from outside the permitted countries are automatically blocked before reaching the application.

  • Region-Specific Access

    Australia / New Zealand region: accessible only from Australia and New Zealand. United States region: accessible only from the United States.

  • Access Logging and Monitoring

    All access attempts, including blocked requests, are logged and monitored. WAF logs are retained for audit and compliance purposes.

AI Security

  • No Training on Your Data

    Your documents are never used to train AI models. Your data remains yours.

  • Zero Data Retention by AI Providers

    Our AI infrastructure operates under enterprise terms that prohibit data retention by AI providers. Your prompts and outputs are not stored after processing.

  • Isolated AI Processing

    AI processing is performed independently for each customer. Your data is never accessible to or influenced by another customer's data.

For full details, see our AI Policy.

Security Contact

If you discover a security vulnerability, please report it responsibly to:

support@juravie.com

We appreciate responsible disclosure and will work with you to address any issues promptly.