security
Last Updated: Jun 8, 2025
Johi - Protecting Creators and Their Data
Johi Ensures Safe Creator Networking and Community Building
Our platform integrates enterprise-grade security measures designed for user experience and financial services. All user data is fully protected with secure data access controls and industry-standard encryption protocols.
Product Security
Data Encryption in Transit and at Rest
Data is encrypted at rest using industry-standard encryption for maximum protection. All data transmitted over the network is secured using HTTPS with TLS 1.2/1.3 protocols.
johi uses Stripe, a PCI DSS Level 1 certified payment processor, to handle all subscription payments. We never store complete payment information on our servers.
Authorization
Strict permission controls ensure that data access is limited to authorized individuals only. All users including Creative Club members can only access their own account information and features. User verification is required for account access.
Data Protection
User accounts are kept separate and secure in production environments, distinct from internal systems like development and testing instances. This separation enables johi to implement stringent access controls and auditing measures.
Blockchain Infrastructure Security
Our upcoming banking application will utilize blockchain technology for enhanced security through decentralized architecture and cryptographic protection of financial transactions.
Penetration Testing
In addition to continuous internal security monitoring, johi engages third-party security experts to conduct regular penetration testing and vulnerability assessments. Our systems undergo periodic security audits to identify and address potential vulnerabilities before they can be exploited.
Operational Security
Secure Infrastructure Development
Our current services utilize secure, enterprise-grade infrastructure while we develop our full blockchain-based application. All data is stored in secure environments that comply with industry security standards. Our infrastructure is monitored continuously with physical and digital access strictly limited to authorized personnel. Data backups are maintained in multiple secure locations to ensure redundancy and availability, protecting against data loss.
Security Policies and Compliance
Johi's security policies adhere to industry-standard frameworks and implement comprehensive data protection protocols. As we develop our blockchain infrastructure, we maintain strict security policies covering:
Data handling and processing procedures
Incident response and breach notification protocols
Regular security assessments and updates
Employee security training and awareness programs
Blockchain security best practices and smart contract auditing
Robust Access Control
We enforce stringent measures to ensure that only authorized personnel can access user information. Access to johi's production systems is restricted on a need-to-know basis following the principle of least privilege. All administrative access requires:
Multi-factor authentication (MFA)
IP whitelisting for additional security layers
Regular access reviews and audit logs
Time-limited access sessions
Authentication Security
Johi employs multi-factor authentication across all business operations and administrative systems. Our team uses single sign-on (SSO) solutions with additional security layers to protect against unauthorized access to user data and business systems.
Data Privacy and Protection
Creator Data Protection
We understand the sensitive nature of creator career information, networking data, and personal details shared through surveys and Creative Club interactions. All creator data is:
Encrypted both in transit and at rest
Processed only for stated purposes (Creative Club services, product improvement)
Never sold or shared with unauthorized third parties
Retained only as long as necessary for service provision
Survey and Feedback Security
Creator career surveys and feedback submissions are protected with the same enterprise-grade security as all other user data. Survey responses are encrypted, access-controlled, and used solely for improving johi's services and curating relevant creator networking opportunities.
Communication Security
Creative Club emails and all communications from johi are sent through secure, authenticated channels. We implement email security protocols including SPF, DKIM, and DMARC to prevent email spoofing and ensure the authenticity of our communications.
Human Security
Employee Security Training
All johi team members undergo comprehensive security training upon joining the company and participate in ongoing security awareness programs. Our training covers:
Data protection best practices
Incident identification and response procedures
Social engineering awareness and prevention
Secure handling of creator and user information
Background Verification
Background checks are conducted for all employees who have access to user data or production systems, ensuring that only trusted individuals handle sensitive creator information.
Endpoint Security
All employee devices used for business operations are equipped with:
Full disk encryption for data protection
Enterprise-grade antivirus and anti-malware protection
Centralized monitoring and security management
Regular security updates and patch management
Remote wipe capabilities for lost or stolen devices
Incident Response and Monitoring
24/7 Security Monitoring
Our systems are monitored continuously for security threats, unusual activity, and potential vulnerabilities. Automated alerts notify our security team of any suspicious activities or system anomalies.
Incident Response Plan
Johi maintains a comprehensive incident response plan that includes:
Immediate threat containment and mitigation procedures
User notification protocols for any data security incidents
Coordination with relevant authorities when required
Post-incident analysis and system improvements
Transparency and Communication
In the unlikely event of a security incident affecting user data, we commit to:
Prompt notification to affected users
Clear communication about the nature and scope of the incident
Detailed information about steps taken to resolve the issue
Regular updates throughout the resolution process
Third-Party Security
Vendor Security Assessment
All third-party services and vendors used by johi undergo security assessments to ensure they meet our security standards. This includes:
Payment processors (Stripe)
Email service providers
Analytics and monitoring tools
Cloud infrastructure providers
Data Processing Agreements
We maintain comprehensive data processing agreements with all vendors who may handle user data, ensuring they adhere to the same high security and privacy standards that we maintain internally.
Compliance and Certifications
Regulatory Compliance
Johi maintains compliance with applicable data protection regulations including:
General Data Protection Regulation (GDPR) for EU users
Portuguese data protection laws
Industry-standard security frameworks and best practices
Regular Audits
Our security practices and systems undergo regular internal and external audits to ensure ongoing compliance with security standards and regulations.
Contact Security Team
If you have security concerns, questions about our security practices, or need to report a potential security issue, please contact us:
Email: support@johi.xyz
Address in Portugal: R. Nova da Trindade 1, 3 Direito, 1200-443 Lisboa, Portugal
Address in Netherlands: Keizersgracht 555, 2nd Floor, 1017 DB Amsterdam
For urgent security matters, please email support@johi.xyz with "SECURITY INCIDENT" in the subject line.
At johi, we believe that strong security is fundamental to building trust with our creator community. We continuously invest in security improvements and stay current with the latest security best practices to protect your data and privacy.