← All docs

Security & Data Protection

Last updated April 28, 2026

How is my data protected?

1. Complete Tenant Isolation

Each Junior runs in its own fully isolated environment — dedicated compute, storage, and network namespace (Kubernetes). Your data is never shared with or accessible to other customers.

2. Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). This applies to files, messages, memory, and any connected tool data.

3. No Model Training on Customer Data

Your data is never used to train AI models. We use Anthropic's Claude, whose enterprise API explicitly guarantees that customer inputs are not used for model training.

4. Access Control

Only your authorized team members can interact with your Junior. Access is scoped to the Slack or Microsoft Teams workspaces and channels your admin grants Junior membership in. Our engineering team accesses infrastructure for maintenance only, under strict internal access policies.

5. Data Ownership & Deletion

You own your data. You can request full deletion of all your data at any time, and we will comply promptly.

6. Audit & Monitoring

All interactions are logged. Junior maintains audit trails of actions taken, tools accessed, and data processed.

7. No Public Endpoints

Junior's infrastructure has no public-facing endpoints. All tenant machines are deployed in private subnets with no direct internet exposure, accessible only through authenticated internal channels.

8. Permission Boundaries

Junior can only access the tools and channels you explicitly authorize. Even in adversarial prompting scenarios, it cannot reach systems outside its permission scope. Sensitive operations can be configured to require human approval before execution.

9. Prompt Injection Protection

We use Anthropic's Claude, which has industry-leading resistance to prompt injection attacks. Additionally, Junior has built-in safety guardrails that prevent it from executing dangerous operations regardless of how it is prompted.

10. Red Team Testing

We conduct regular red team exercises to proactively identify and address security vulnerabilities before they can be exploited.

For SEC / Financial Compliance Customers

We understand the sensitivity of regulated environments. In addition to the above:

  • We can provide a detailed security architecture document upon request
  • We are happy to complete your security questionnaire or vendor assessment form
  • We can schedule a dedicated security review call with our engineering team
  • Data residency: currently hosted on AWS US infrastructure

For any of the above, reach out via the contact info on junior.so.