A brief overview of our security

Strong authentication with 2FA

Our data is encrypted. We use industry standard and approved cryptographic algorithms and industry-best-practice key management, with strict user access control and multi factor authentication.

Penetration tests and vulnerability scans

At Juni, we perform regular external and internal penetration tests by independent contractors. We also do continuous vulnerability scans, both in code, third party libraries and networks in order to find and address any vulnerabilities.

Embedded security team

Juni has a dedicated security team that works on product security, which is embedded in the software development life cycle.

Fraud protection

Juni is committed to preventing fraud across our entire financial ecosystem. Our FinCrime team operates advanced systems that monitor every transaction that’s being processed, 24 hours a day. All our payment traffic is screened, logged and analysed to not only detect but understand suspicious activity. Fraudsters are quick and we have to be quicker. If our service is abused, we will terminate and block the user's account immediately.

Cloud-hosted infrastructure

Our infrastructure runs on Amazon Web Services (AWS), an industry leader in cloud services and data security. As one of the most (if not the most) audited systems of all time, their security practices are exceptional - and we would have nothing less for our customers.

Secure development lifecycle

From the design phase to the deployment in production, our security processes consider every aspect of product and infrastructure development. All development projects, including new products and features, go through a strict set of security tests and a security review process.

PCI DSS

PCI DSS is an information security standard designed for organizations that handle branded credit cards from the major card schemes. The standard’s requirements ensure that we uphold a high level of security to safeguard sensitive information.

ISO/IEC 27001:2022

Juni is certified to the ISO/IEC 27001:2022 standard, recognising that we have implemented and are maintaining a robust information security management system designed to protect both company and customer data. This includes systematic risk management, security assessments, and continuous improvement to proactively address evolving security threats.

Knowing Your Business

Juni is required to know its customers and robustly verify the details they give to us at onboarding, and regularly thereafter. This is just one way in which we help to protect our customers and other parties. This limits any potential for bad actors to use our platform to exploit others and do harm.

Data privacy, vulnerability & GDPR

Juni takes its customers' privacy very seriously and is committed to acting
in compliance with GDPR and UK GDPR in all aspects of its business.

For information on how we process the personal data of our customers please see our Privacy Policy for processing in relation to the use of our platform, and the Fair Processing Notice for processing in relation to our credit offering.

Please read our Vulnerability Disclosure Policy for information on how best to report suspected security flaws to the team.