Privacy and Security Overview


Joyous is a SaaS employee feedback platform for operational improvement. Our customers are predominantly enterprise organisations across North America, Australia, Asia and Europe. 

Joyous helps operational leaders chat to the frontline at scale with help from AI. It then uses AI to create a detailed action plan validated and weighted according to the frontlines’ first-hand experience.

Joyous initiates a campaign relating to a specific operational topic as determined by your key stakeholders. Joyous engages the specified audience, at the specified time, reaching them via a specified contact method. The message sent includes a link that contains a unique token, which takes them to a browser based chat.

Typically each topic has facilitators assigned to respond to the audience if clarification is required. They are given access to the Joyous Dashboard which includes a live feed and analytics. This requires a secure login.

Audience members and facilitators are internal to your organisation.

Some key differences between Joyous and traditional employee feedback include:

  • Targeted, not broad. Focus is on one challenge at a time. Operational campaigns quickly elicit actionable feedback, not complaints.
  • Open, not anonymous. Employees’ names go with their feedback. They talk about things to do with their job, not themselves. 
  • Chats, not surveys. A person from your team can start a chat to get more context and clarity if needed. 
  •  Specific actions, not general themes. Quickly create a detailed plan containing specific actions validated and weighted by conversations with the frontline.  
Read these articles for a more in-depth understanding of Configuring Joyous and Running a campaign.

The remainder of this articles outlines answers to commonly asked questions relating to privacy and security.

Q: How does Joyous keep data secure?

A: Our infrastructure is hosted securely in AWS. Our data is stored in Oregon for North American customers, Frankfurt for European customers and Sydney for Australia and New Zealand customers.
Stored data ('data at rest') in our databases is encrypted automatically via transparent disk encryption.
In addition to the storage system level encryption, data is also encrypted at the storage device level with AES-256 on solid state drives (SSD) using a separate key.
All parts of the Joyous application and website exposed to the internet, including login pages, pass data via TLS which means that all data in transit is encrypted at all times.

Q: What is Joyous' approach to prevention of data loss and data corruption?

A: All data is continuously mirrored in a database cluster, so that operation continues without data loss in the event of a server failure. In addition, data is backed up off-site every minute.

Q: How does Joyous ensure segregation of customer data?

A: Joyous implements multiple layers of logic that segregate the data of different organizations, including the obligatory use of a standard Data Access Layer that ensures that a user's organization is always confirmed before reading from or writing to the database.
Joyous maintains a security test plan for its software, including automated testing of each part of its API to test access controls, permissions, organizational separation and logging.
Joyous passwords are hashed and can't be read by our own staff. If a password is lost it can't be retrieved - it must be reset.
Joyous controls remote access to critical systems by so that access is only allowed from specified locations.

Q: Does Joyous support SSO?

A: Yes. We support Microsoft Entra ID and Okta.

Q: Who is required to login? 

A: Only users who have access to Joyous Dashboard (live feed and analytics) are required to login.

Is Joyous Soc 2 certified?

Joyous is Soc 2 type 2 certified. Should your team wish to view a copy of our latest Soc 2 Audit report please contact your account manager.  



Further documentation:

🔗  Privacy & Security Overview

 🔗 Joyous Privacy Notice