Joonbi Corp Privacy Statement

Effective Date: 9/30/2025

Version 1.0


Our Commitment

Joonbi is an AI-powered Governance, Risk, and Compliance (GRC) platform. We protect your business data with enterprise-grade security and give you full control over your information.


What Data We Collect

Account Information:
Your name, email, company details, and login credentials.

GRC Platform Data:
Risk assessments, compliance documentation, audit materials, and any files you upload.

Usage Information:
How you use our platform – features accessed, time spent, and performance data.

Technical Information:
IP address, browser type, and device information for security and functionality.


How We Use Your Data

Purpose | What We Use | Why | How Long
Platform Services | Your GRC data and account info | To provide our core services (Contract) | Per your contract terms
Account Management | Contact and billing info | To manage your account and billing (Contract) | Active + 2 years
Customer Support | Account and usage info | To resolve issues and improve service (Legitimate Interest) | Issue resolved + 1 year
Security & Safety | Usage logs and technical data | To protect your account and data (Legal Obligation) | 12 months
Service Improvement | Anonymized usage patterns only | To enhance our platform (Legitimate Interest) | 2 years

AI and Your Data

No Training on Your Data:
We never use your business information, assessments, or any confidential data to train our AI models.

Session-Only Processing:
AI analyzes your requests in real time with no storage. Once you close a session, all AI processing data is deleted.

Human-Directed Analysis:
Our AI provides recommendations and insights to support your GRC decisions. All outputs require human review and approval – AI never takes actions on your behalf.

Transparency:
When AI makes suggestions, we show you why and how confident the system is.

Responsible AI Standards:
Our AI development follows emerging international best practices including bias monitoring, algorithmic accountability, and risk assessment frameworks.


Data Security

We protect your data with:

  • Encryption:
    AES-256 encryption for stored data, TLS 1.3 for data transmission
  • Access Controls:
    Multi-factor authentication and role-based permissions
  • Monitoring:
    24/7 security monitoring and incident response
  • Infrastructure:
    Enterprise cloud hosting with tenant isolation, role-based access, data encryption, and row-level security

Security & Compliance

Information Security Management:
Our security program follows SOC, PCI, and ISO 27001 principles, including regular risk assessments, security control implementation, and continuous improvement processes.

AI Governance Framework:
Our AI systems include risk assessments, bias monitoring procedures, and algorithmic accountability measures aligned with ISO 23053 principles for AI risk management.

Financial Services:
For customers in the financial services sector, we implement additional cybersecurity controls aligned with applicable regulatory requirements including NYDFS 23 NYCRR 500.

Certification Timeline:
SOC 2 Type I (2025), SOC 2 Type II (2026), ISO 27001 certification (2026)

Payment Processing:
We never store or process credit card information directly.

Protected Health Information (PHI):
We do not store, transmit, or transform PHI. Healthcare customers must use HIPAA-compliant third-party processors for any PHI handling.

Children’s Data:
Our service is for business use only. We don’t knowingly collect, store, transmit, or process data from anyone under 18.


Data Sharing

We never sell your data. We only share when:

  • You direct us to:
    Third-party integrations you choose to enable
  • Our service providers help us operate:
    Hosting, support, payments under strict contracts
  • Required by law:
    Legal requirements or safety protection
  • Our Service Providers (Joonbi Vendors):
    We select and contract with trusted vendors to operate our platform including cloud hosting, security monitoring, payment processing, and customer support tools. All vendors sign data protection agreements and meet our security standards.

Your Rights

Access, Correct, Delete:
Get, fix, or remove your data

Export:
Download your data in standard formats

Control:
Manage settings in your account dashboard

Opt-Out:
Unsubscribe from marketing

Contact:
privacy@joonbiready.com | Response: 30 days max


International Data

At this time we primarily operate in the US.

  • Data Residency:
    Regional hosting options available for enterprise customers upon request

Data Retention

  • Account Data:
    Active relationship + 2 years
  • Platform Data:
    Per your contract or until you delete it
  • Usage Analytics:
    2 years
  • Support Data:
    1 year after resolution
  • Security Logs:
    12 months

You can delete your data anytime through your account or by contacting us.


Cookies & Tracking

We use essential cookies for platform functionality and analytics cookies (with your consent) to improve our service.

Cookie Categories:

  • Essential:
    Required for platform operation (login, security, core functionality)
  • Analytics:
    Help us understand usage patterns to improve our service (requires consent)
  • Marketing:
    Track effectiveness of our communications (requires consent)
  • Cookie Controls:
    Manage preferences in your account settings or browser. Essential cookies cannot be disabled as they’re required for platform operation.

Updates

We’ll notify you 30 days before any material changes to this policy. Minor updates will be posted with an updated effective date.


Legal Compliance

US Residents:
We comply with applicable state privacy laws including CCPA/CPRA.

Future EU/UK Residents:
We comply with GDPR. You can contact your local data protection authority if needed.


Children

Our service is for business use only. We don’t knowingly collect data from anyone under 18.


Contact Us

Questions or Requests:




This privacy statement covers the essentials while we grow. As we add features and expand globally, we’ll update this policy to maintain transparency and your trust.

Questions? Contact us anytime at privacy@joonbiready.com.

Regulatory Framework Support: This Privacy Statement supports compliance with GDPR, CCPA/CPRA, ISO 27001, ISO 23053, NYDFS 23 NYCRR 500, and PCI DSS requirements.