Comprehensive security and privacy

Jostle takes the security and privacy of your data extremely seriously. Key elements of our security program include:

Data centers

In order to comply with the data privacy requirements in your region, you can choose to have your instance hosted on any of our data centers, which are located in the US, Europe, Australia, and Canada. If your Jostle instance is Google integrated, your LIBRARY files will be stored in Google Drive using your own Google domain.

Certifications and audits

Jostle’s operations undergo an annual third party audit according to AICPA SOC 2 Trust Service Principles. A copy of our most recent SOC 2 Type II report is provided to customers under NDA.

Jostle complies with best practices and guidelines for cloud computing service providers, as specified in “Cloud Computing Guidelines For Public Bodies”, June 2012, issued by the Office of the Information and Privacy Commissioner for British Columbia, Canada.

GDPR Compliance

The General Data Protection Regulation (GDPR) is a new European Union (EU) privacy law that come into effect May 25, 2018. The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data. Jostle is committed to helping our customers in the EU and throughout the world comply with the GDPR through our robust privacy and security protections. Learn more…

Organizations using Jostle that have determined they qualify as a data controller under the GDPR will need a data processing agreement in place with Jostle. Here’s how…

Data ownership and confidentiality

You maintain ownership of all the enterprise data you put in your Jostle platform. Per our Subscriber Agreement, we have strict obligations to keep it secure and confidential.


Jostle’s platform is deployed and secured in a professionally managed cloud infrastructure, utilizing best-in-class, third-party data center providers. Key features include:

  • network of global SOC 2 and ISO 27001 compliant data centers and service providers;
  • systematic vulnerability scanning and systematic application of system patches to ensure threats are identified and removed; and,
  • 24x7 monitoring and protection.

Data security

Your data is only ever stored in our production environment, is owned by you, and can only be accessed by the people you authorize. All data is encrypted at rest and in transmission.

Our access to your data is strictly controlled and limited to authorized personnel, and only for the purposes of delivering and supporting Jostle’s services. All Jostle employees receive training on Jostle’s security and privacy policies and procedures.

Application security

Our software services undergo rigorous testing from both security and performance perspectives, and we use best-in-class systems to independently monitor security, performance, and system health in real time. We also utilize third-party testing as required to identify and address any vulnerabilities.


Jostle automatically backs up all data daily using a separate physical and logical infrastructure, and retains the backups for seven days.

Access management

Your Jostle platform is only accessible by the people that you invite. Identity management can be handled using a unique Jostle ID, or via integration with Active Directory or one of our qualified third-party SSO providers. Your administrators can define access to the content in your Jostle platform based on role, location, and a number of other parameters.

Multi-factor Authentication

Jostle offers your organization the option of adding an extra layer of security to your instance with a Multi-Factor Authentication (MFA) login.


Our comprehensive Privacy Policy exceeds the requirements of most jurisdictions. It sets out what personal information Jostle collects, how we can use it, and the safeguards we use to protect it.