Overview of Joan infrastructure and security
Device communication
Devices establish connections to the Joan cloud services using modern encryption algorithms :
- Joan 6 Pro - TLS 1.3 (default) or AES 128 encryption (fallback).
- Joan 6 / Joan 13 and other regular Joan devices: AES 128 encryption is supported.
WiFi connectivity between devices and local wireless access points uses standard WPA2, WPA3 or WPA2 EAP (TLS, TTLS or PEAP).
User Access
Access to Joan services is protected using industry standard approaches, using the latest encryption standards.
Calendar access
Joan services connect to your infrastructure in order to provide room booking information from your Google Workspace, Microsoft Office or other data sources. We adhere to the latest integration approaches and follow the latest security standards.
We also rely on minimum-storage approach, where we only cache (temporary store) the data that is displayed in our system. Read more about our approach.
Google Workspace
All communication between Joan devices, MyJoan account, and the Google Workspace calendar is managed through the official, standard OAuth2 authentication and the Google API with no credentials stored, only access granted.
MS Office 365
All communication between Joan devices, MyJoan account, and the MS Office 365 calendar is managed through the official, standard authentication, and APIs with access granted and certain credentials stored in encrypted form.
The Joan services store only the device information, all other information is gained through an API call, parsed and sent directly to the device.
Integration is done in following ways:
- Global Admin -> MS Graph API
- Delegated user -> MS Graph API
Global Admin/Delegated user credentials are stored encrypted and will not be shared with any 3rd party.
Microsoft Exchange
All communication between Joan devices, MyJoan account, and the Microsoft Exchange calendar is managed through the official, standard NTLM authentication using the EWS API with access granted and certain credentials stored in encrypted form.
The Joan services store only the device information, all other information is gained through an API call, parsed and sent directly to the device.
As for user information, such as usernames and passwords, they are kept encrypted in our database for seamless use. No information is or will be shared or sold to third parties as stated in our Privacy Policy.
iCalendar
All communication between Joan devices, MyJoan account, and iCalendar is managed through the official, standard XML feed with no credentials stored, only read support granted.
No calendar or event information is stored on our servers as it is sent directly to the device.
FAQ
Where do you host your services and who provides that?
Hosted services (e.g. MyJoan) are deployed on Google Cloud (Belgium, EU)
Do you have a backup policy?
Yes, We create daily database snapshots.
What is Visionect’s RPO and RTO?
Estimated RPO is 24 hours, estimated RTO is 4 hours.
Is the stored data encrypted?
Yes, Data is encrypted both during transmission and at rest.
Is Joan GDPR compliant?
As an EU company we comply to GDPR. For more information check our legal section (https://getjoan.com/legal/).