Built on enterprise-grade Azure infrastructure.
Cloud-native security from day one. Private networking, encryption everywhere, audit logs on every mutation, and a compliance roadmap aligned with your auditors.
Encryption end-to-end
All data encrypted at rest (AES-256) and in transit (TLS 1.2+). Customer-managed keys available on Enterprise.
Private networking
Production traffic routed through private endpoints; PostgreSQL, Redis, Key Vault, and storage are not exposed to the public internet.
Compliance posture
SOC 2 Type II in progress, ISO 27001 planned for Q3 2026, GDPR-compliant by default. DPAs available on request.
Regional data residency
Choose your tenant region: UAE (UAE North), EU (West Europe), or US (East US). Data never leaves your chosen region.
Identity & access
SSO via SAML / OIDC, MFA enforcement, and role-based access control with three clear roles — Administrator, Editor, Reporter — covering the editorial workflow end-to-end.
Audit log + monitoring
Every mutation logged with correlation IDs. New Relic APM, Application Insights, and per-tenant audit views built in.
Compliance & certification
We ship the controls our customers' auditors ask for. DPAs and security questionnaires available on request.
| Standard | Status | Detail |
|---|---|---|
| SOC 2 Type II | In progress | Q3 2026 |
| GDPR | Compliant | Article 30 RoPA on request |
| ISO 27001 | Planned | Q3 2026 |
| HIPAA / PCI | On request | Enterprise plan |
What we built into the architecture.
Security isn't a feature — it's the architecture. Every Journalify deployment runs on Azure with the following baseline:
- Private endpoints in front of every service: PostgreSQL, Redis, Key Vault, Storage. Nothing reachable from the public internet directly.
- Tenant data isolated via PostgreSQL Row-Level Security with per-tenant context propagation.
- API gateway (APIM) at the edge enforces JWT validation, rate-limiting per tenant, and cross-origin policy.
- Cloudflare WAF + DDoS protection in front of all admin and reader surfaces.
- Backups: PostgreSQL point-in-time recovery (7 days) + nightly encrypted snapshots (30 days).
- New Relic APM + Application Insights with distributed tracing across all services.
- Audit log on every mutation with correlation IDs; cross-tenant audit view available to super-admins.
Need a security questionnaire or DPA?
We respond to compliance requests within one business day.