Security
Last updated: Jun 11, 2025
Johi Ensures Safe Payments and Community Services
Our platform implements enterprise-grade security measures designed for user experience and financial services. All user data is fully protected with secure data access controls and industry-standard encryption protocols across our mobile payments application and Creatives Club services.
Product Security
Data Encryption in Transit and at Rest
All user data is encrypted at rest using industry-standard encryption protocols for maximum protection. Personal information, financial data, survey responses, and Creatives Club member information are secured with robust encryption standards. All data transmitted over our network is protected using HTTPS with TLS 1.2/1.3 protocols, ensuring secure communication between user devices and our servers.
Payment and Financial Security
Johi uses Stripe, a PCI DSS Level 1 certified payment processor, to handle all subscription payments and financial transactions. We never store complete payment information on our servers. All financial data is processed through secure, compliant infrastructure that meets the highest standards for payment security. Our Johi Circle and payments services utilize additional security layers including blockchain-based transaction verification and multi-signature security protocols.
User Authentication and Authorization
Strict permission controls ensure that data access is limited to authorized individuals only. All users, including Creatives Club members, can only access their own account information and features. Multi-factor authentication is required for account access and sensitive operations. User verification and identity confirmation processes prevent unauthorized account access and ensure platform security.
Blockchain Infrastructure Security
Our payments application utilizes blockchain technology for enhanced transaction security through decentralized architecture and cryptographic protection. Smart contract security is maintained through regular audits and secure development practices. Private key management and wallet security follow industry best practices to protect user assets and transaction integrity.
Data Protection and Isolation
User accounts are maintained in separate and secure production environments, completely isolated from internal systems including development and testing instances. This separation enables johi to implement stringent access controls and comprehensive auditing measures. Financial data, personal information, and Creatives Club content are all maintained in isolated, secure environments with role-based access controls.
Regular Security Testing
In addition to continuous internal security monitoring and automated vulnerability scanning, johi engages third-party security experts to conduct regular penetration testing and comprehensive security assessments. Our platform undergoes periodic security audits to identify and address potential vulnerabilities proactively.
Operational Security
Secure Cloud Infrastructure
All data is hosted on secure, enterprise-grade cloud infrastructure that complies with industry security standards including SOC 2 compliance. Our infrastructure is monitored continuously with physical and digital access strictly limited to authorized personnel. Data backups are maintained in multiple geographically distributed secure locations to ensure redundancy, availability, and disaster recovery capabilities.
Comprehensive Security Policies
Johi's security policies adhere to industry-standard frameworks including NIST guidelines and implement comprehensive data protection protocols. Our security framework covers blockchain security, financial data handling, user privacy protection, incident response procedures, and continuous security monitoring. Security policies are regularly reviewed and updated to address emerging threats and regulatory requirements.
Robust Access Control and Monitoring
We enforce stringent measures to ensure that only authorized personnel can access user information and platform systems. Access to johi's production systems is restricted based on need-to-know principles and least privilege access controls. All administrative access requires multi-factor authentication, IP whitelisting, and time-limited access sessions. Comprehensive access logs are maintained and reviewed regularly for security monitoring and compliance purposes.
Business Authentication and Identity Management
Johi employs multi-factor authentication, single sign-on (SSO), and advanced identity management protocols for all business operations and administrative access. Employee access is managed through centralized identity systems with regular access reviews and automated deprovisioning procedures.
Employee Security and Training
All johi team members undergo comprehensive security training upon joining the company and participate in ongoing security awareness programs throughout their employment. Security training covers data protection best practices, incident identification and response procedures, social engineering awareness, and secure handling of user information. Background checks are conducted for all employees with access to user data or production systems.
Endpoint Security and Device Management
All employee devices used for business operations are equipped with full disk encryption, enterprise-grade antivirus and anti-malware protection, and centralized security monitoring. Device management policies ensure regular security updates, patch management, and remote wipe capabilities for lost or stolen devices. Network security includes VPN requirements for remote access and secure network segmentation.
Financial Services Security
Banking-Grade Security Standards
Our financial services implement security standards equivalent to traditional banking institutions, including encryption, access controls, transaction monitoring, and fraud detection. All financial transactions are processed through secure, audited systems with comprehensive logging and monitoring capabilities.
Transaction Security and Monitoring
Real-time transaction monitoring identifies and prevents fraudulent activity, unusual patterns, and security threats. Multi-signature requirements and transaction limits provide additional security layers for high-value transactions. Blockchain-based transaction records provide transparent and immutable audit trails.
Regulatory Compliance and Auditing
Johi maintains compliance with applicable financial services regulations including anti-money laundering (AML), know-your-customer (KYC), and data protection requirements. Regular compliance audits ensure adherence to regulatory standards and security best practices. Comprehensive audit trails and reporting capabilities support regulatory compliance and security investigations.
Incident Response and Monitoring
24/7 Security Monitoring
Our platform is monitored continuously for security threats, unusual activity, and system anomalies. Automated security alerts notify our security team immediately of potential threats or suspicious activities. Real-time monitoring covers network traffic, user activity, system performance, and security events.
Comprehensive Incident Response
Johi maintains a detailed incident response plan covering threat identification, containment, investigation, and resolution procedures. Our incident response team includes security experts, technical engineers, and management personnel. Response procedures include user notification protocols, regulatory reporting requirements, and post-incident analysis and improvement processes.
Transparent Security Communications
In the event of security incidents affecting user data or services, we commit to prompt and transparent communication with affected users. Security notifications include clear information about the nature and scope of incidents, steps taken for resolution, and recommendations for user protection. Regular security updates keep users informed about platform security enhancements and best practices.
User Security Guidance
Account Security Best Practices
Users should implement strong security practices including complex passwords, two-factor authentication activation, regular account monitoring, and secure device usage. We provide security guidance and tools to help users protect their accounts and personal information.
Blockchain and Wallet Security
For users accessing blockchain-based services, proper private key management and wallet security are essential. We provide education and tools for secure private key storage, backup procedures, and transaction verification. Users are responsible for maintaining the security of their blockchain credentials and assets.
Fraud Prevention and Reporting
Users should remain vigilant for phishing attempts, social engineering attacks, and other security threats. We provide guidance for recognizing and avoiding common security threats and encourage immediate reporting of suspicious activities or security concerns.
Contact Security Team
For security concerns, questions about our security practices, or to report potential security issues:
Address: R. Nova da Trindade 1, 3 Direito, 1200-443 Lisboa, Portugal
Security Incident Reporting:
For urgent security matters, please email security@johi.xyz with "SECURITY INCIDENT" in the subject line. Our security team monitors this email continuously and responds immediately to verified security concerns.
Response Commitments:
Security inquiries: Within 2 hours during business hours
Incident reports: Immediate acknowledgment and investigation
General security questions: Within 24 hours
Johi continuously invests in security improvements and stays current with the latest security best practices to protect user data and financial services. Our security program evolves with emerging threats and regulatory requirements to maintain the highest levels of protection for our users and platform.