Security &
Privacy

Our philosophy

Security is not a feature — it's a design principle. Every architecture decision in Jose starts from the assumption that your data is private and must stay that way.

Encryption

• In transit: all communications use TLS 1.3.
• At rest: stored data encrypted with AES-256.
• Key management: automated key rotation on a regular schedule.

Access control

• Role-based access control (RBAC) — nobody accesses more than they need.
• Multi-factor authentication required for all team members.
• Audit logs for all production data access.

Infrastructure

• Hosted on cloud providers with SOC 2 Type II and ISO 27001 certification.
• Daily backups with 30-day retention and monthly restore testing.
• Production environment fully isolated from development and staging.

Monitoring and incident response

We continuously monitor our infrastructure for anomalies. In the event of a security incident affecting your data, we will notify you within 72 hours as required by GDPR.

Responsible disclosure

If you've found a security vulnerability, please contact our team before disclosing it publicly:

[email protected]

We investigate all reports and respond within 5 business days.

Questions?

For security or privacy questions: [email protected]