Trust Center
JustAI is built to be dependable for marketing teams and safe for customer data. We are proud to be SOC 2 Type 2 compliant.
Resources
The items below are commonly requested during security reviews. Availability may vary by plan and procurement process.
| Item | Notes |
|---|---|
| Policies (high level) | Privacy Policy |
| Audit Reports (if applicable) | Available upon request |
| Penetration Testing (summary) | Available upon request |
| Data Processing Agreement | Available upon request |
| SOC 2 Type 2 | Available upon request |
To request materials for a vendor review, contact us.
Compliance & Assurance
Many customers request evidence such as policies, audit reports, and penetration testing summaries.
We can share appropriate materials on request as they are available for your plan and procurement process.
Where do I send a security questionnaire?
Contact us and include your org name, requested due date, and any required format (e.g. spreadsheet or portal).
Can you share audit reports?
If we have applicable third-party assurance materials for your request, we can share them through an appropriate channel during procurement.
Contact
For trust and security questions, reach out to your JustAI contact or support.
This page describes practical controls we use to operate JustAI securely. Details may vary by environment and enabled features.
Infrastructure & Network security
- Cloudflare edge: JustAI services are fronted by Cloudflare DNS and the global edge network (TLS termination, DDoS mitigation, and edge security controls).
- Cloudflare Workers: Core services run on Cloudflare Workers and related primitives (Durable Objects, Queues, KV, D1, R2, and Hyperdrive where applicable).
- AWS services: Data pipelines and supporting systems use AWS-managed services (see “Data Storage & Processing”).
Identity & Access Management
- Console authentication: console.justwords.ai uses Clerk for user authentication and org membership.
- Service authentication: Where JustAI exposes APIs and webhooks, access is controlled using service tokens / API keys and scoped permissions.
Data Storage & Processing
JustAI uses multiple storage and processing systems depending on feature:
- PostgreSQL: Primary application data store. Worker-to-Postgres connectivity uses Cloudflare Hyperdrive where supported.
- Cloudflare KV / Durable Objects: Used for low-latency state and configuration in Worker services.
- Cloudflare D1: Used for lightweight analytics/aggregation (for example, monitoring summaries).
- Cloudflare R2: Used for durable object storage (for example, persisted request logs for critical services).
- AWS Kinesis / DynamoDB / S3 / Athena / Glue: Used for event ingestion and batch processing in our data pipeline.
Encryption
- In transit: Traffic to JustAI endpoints is encrypted using TLS.
- At rest: Cloudflare and AWS provide encryption-at-rest capabilities for their managed storage services.
Logging, Monitoring & Alerting
- Cloudflare observability: Worker logs, errors, and performance metrics are collected for core services.
- Persistent request logging (critical services): We persist request logs for critical services and use them for debugging, monitoring, and incident response.
- AWS telemetry: AWS managed services emit metrics/logs (CloudWatch) that support monitoring for pipeline health.
Change Management
- Source control: Code is managed in GitHub. We leverage GitHub’s Code Security feature to ensure best practices around privacy and security in code before it is committed.
- CI checks: Key services run automated checks (tests/build/lint) in CI.
- Deployments: Production deployments are automated; database migrations run as part of the release process where applicable.
Model Provider Controls
JustAI integrates with model providers such as OpenAI and Anthropic. Requests may be routed through Cloudflare AI Gateway endpoints to centralize usage and operational controls.
Vulnerability Reporting
If you believe you have found a security issue in JustAI:
- Do not publicly disclose it.
- Contact support with details and steps to reproduce.
We will acknowledge receipt and work with you on remediation and coordinated disclosure as appropriate.
Reliability & Incident Response
If an incident affects availability or integrity of the platform, we aim to:
- Triage quickly and mitigate impact.
- Communicate status and next updates through appropriate channels.
- Follow up with a written summary when warranted.
Subprocessors
This page lists third-party service providers (“subprocessors”) that may process customer data on behalf of JustAI to deliver the product.
Subprocessor list
Infrastructure & Delivery
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| Amazon Web Services (AWS) | Core infrastructure (compute, storage, database hosting) | Customer content and metadata required to operate the service | US |
| Vercel | Web hosting and deployments | Site/app traffic and deployment artifacts | Global |
| Cloudflare | DNS and edge network plus Cloudflare Workers running multiple JustAI services (for example: docs, console, and API endpoints) | DNS records; site/app traffic (requests/responses) and request metadata | Global |
Identity & Access
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| Clerk | Authentication and user identity management | User identifiers and authentication metadata | Global |
Observability & Monitoring
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| Cloudflare | Worker observability (logs, errors, and performance metrics) for JustAI services on Cloudflare Workers; includes persistent request logging for monitoring and incident response | Request logs and metadata; error details; performance telemetry | Global |
| Amazon Web Services (AWS) | CloudWatch metrics/logging for AWS-managed services used by JustAI (e.g., DynamoDB, Kinesis, S3, Athena/Glue) | Infrastructure and service telemetry; logs/metrics that may include identifiers | US |
Model Providers
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| OpenAI | Content generation (model inference) | Prompts and contextual inputs used for generation | Global |
| Anthropic | Content generation (model inference) | Prompts and contextual inputs used for generation | Global |
Developer Tools
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| GitHub | Source control, code security, and CI/CD | Code, build logs, and operational metadata | Global |
Data Storage
| Subprocessor | Purpose | Data Involved | Region(s) |
|---|---|---|---|
| PostgreSQL | Primary application database (hosted on AWS) | Customer content and metadata | Global |
Updates
We may update this page as vendors change. For a vendor review requiring the most current list for your org, contact support.
