Joan Infrastructure Overview

Overview of Joan infrastructure and security

Device communication

Devices establish connections to the Joan cloud services using modern encryption algorithms:

  • Joan 6 Pro: TLS 1.3 (default) or AES 128 encryption (fallback).
  • Joan 6 / Joan 13 and other regular Joan devices: AES 128 encryption is supported. 

WiFi connectivity between devices and local wireless access points uses standard WPA2, WPA3 or WPA2 EAP (TLS, TTLS or PEAP).

User Access

Access to Joan services is protected using industry-standard approaches and the latest encryption standards.

Login procedure

System administrators use portal.getjoan.com, while office managers and regular users (accessing desk booking, visitor management, etc.) use office.getjoan.com.

In both cases we use a unified login system that supports username/password, SSO or login links ("magic links"). 

Users of our Workplace management mobile application (used to book desks, rooms, etc.) log in using their email address and a one-time code sent by email.

Calendar access

Joan services connect to your infrastructure in order to provide room booking information from your Google Workspace, Microsoft Office or other data sources. We adhere to the latest integration approaches and follow the latest security standards.

We also rely on a minimum-storage approach, where we only cache (temporarily store) the data that is displayed in our system. Read more about our approach.

Google Workspace

All communication between Joan devices, the Joan Portal and the Google Workspace calendar is managed through the official, standard OAuth2 authentication and the Google API with no credentials stored, only access granted.

MS Office 365

All communication between Joan devices, the Joan Portal and the MS Office 365 calendar is managed through the official, standard authentication and APIs, with access granted and certain credentials stored in encrypted form.

The Joan services store only the device information; all other information is obtained through an API call, parsed and sent directly to the device.

Integration is done in the following ways:

  • Global Admin -> OAuth2 through Outlook API
  • Delegated user -> Basic authentication with EWS API

Global Admin/Delegated user credentials are stored encrypted and will not be shared with any 3rd party.

Microsoft Exchange

All communication between Joan devices, the Joan Portal and the Microsoft Exchange calendar is managed through the official, standard NTLM authentication using the EWS API, with access granted and certain credentials stored in encrypted form.

The Joan services store only the device information; all other information is obtained through an API call, parsed and sent directly to the device.

User information, such as usernames and passwords, is kept encrypted in our database for seamless use. No information is or will be shared with or sold to third parties, as stated in our Privacy Policy.

iCalendar

All communication between Joan devices, the Joan Portal, and iCalendar is managed through the official, standard XML feed with no credentials stored, only read support granted.

No calendar or event information is stored on our servers, as it is sent directly to the device.

 

FAQ

Where do you host your services and who provides that?

Hosted services (e.g. Joan Portal) are deployed on Google Cloud (Belgium, EU).

Do you have a backup policy?

Yes, we create daily database snapshots.

What are Visionect’s RPO and RTO?

Estimated RPO is 24 hours, estimated RTO is 4 hours.

Is the stored data encrypted?

Yes, data is encrypted both during transmission and at rest.

Is Joan GDPR compliant?

As an EU company, we comply with GDPR. For more information, check our legal section (https://getjoan.com/legal/).