Security overview
How JustiFi keeps your payments secure
JustiFi uses enterprise-grade infrastructure, continuous monitoring, and independent audits to protect your business and your customers' data at every layer.
PCI-DSS, SOC 2, GDPR compliant, ISO aligned
Application Security
Secure hosting
JustiFi runs on AWS with military-grade infrastructure protecting all cloud environments.
Encryption
Data in transit uses TLS 1.2. Data at rest is encrypted with AES.
User permissions
Assign role-based permissions to limit which team members can access what.
Single sign-on (SSO)
Use your existing SSO provider for centralized user access management.
Data handling
Fully GDPR-compliant with support for data deletion requests.
Vulnerability monitoring
Continuous third-party testing for threats, vulnerabilities, and intrusions.
Continuous Security Monitoring
Annual penetration testing
An independent third party runs a full penetration test at least once a year to verify that JustiFi's security posture remains strong.
Third-party audits
JustiFi is regularly assessed by independent auditors who test security controls across the entire organization.
Ongoing compliance monitoring
Security and compliance status is tracked continuously to detect and close gaps before they become issues.
Security awareness training
Every JustiFi team member completes required training covering phishing, password management, and industry best practices.
Formal information security program
JustiFi maintains a documented security program aligned with PCI-DSS and SOC 2 standards, with clearly defined roles and responsibilities for protecting customer data.
Compliance & Certifications
JustiFi undergoes regular audits and penetration testing designed to meet PCI-DSS, SOC 2, ISO, and GDPR requirements. You can review the latest compliance reports and documentation in the JustiFi Trust Center.
Frequently Asked Questions
Is my payment data encrypted?
Yes. All data in transit uses TLS 1.2, and all data stored at rest is encrypted with AES. Your customers' payment information is never stored unprotected. We never store full account numbers.
Is JustiFi PCI-DSS compliant?
JustiFi's security program is built to meet PCI-DSS standards. Regular audits and penetration tests verify ongoing compliance. Visit the Trust Center for up-to-date documentation.
Can I control which team members access my account?
Yes. JustiFi supports role-based user permissions so you can limit access to sensitive data and settings. SSO integration is also available for centralized identity management.
How does JustiFi handle GDPR data deletion requests?
JustiFi is fully GDPR-compliant with processes in place to fulfill data deletion requests from you or your customers.
Where is my data hosted?
JustiFi's infrastructure runs on Amazon Web Services (AWS), which provides enterprise- and government-grade physical and network security for all cloud environments.