Security is not a feature at JodiCore — it is the foundation on which the entire platform is built.
All data encrypted at rest and in transit using AES-256 and TLS 1.3.
Granular permissions per user, per module, per location.
Every action is permanently recorded with timestamp and user identity.
Scoped API keys with IP whitelisting and automatic rotation.
Multi-layer network and application-level DDoS mitigation.
Regular third-party security audits and penetration testing (roadmap).
JodiCore is hosted on enterprise-grade cloud infrastructure with multiple availability zones, automated failover, and daily encrypted backups. Our infrastructure is logically isolated per customer and never shared across tenants.
Our application layer includes input validation, parameterised queries to prevent SQL injection, CSRF protection on all form submissions, output encoding to prevent XSS, and secure HTTP headers across all responses.
Customer data is stored in the region selected at account creation. We do not transfer data across regional boundaries without explicit consent. Customers can request data export at any time.
If you discover a security vulnerability in the JodiCore platform, please report it responsibly to security@jodicore.com. We investigate all reports within 48 hours and aim to resolve critical issues within 7 days. We do not pursue legal action against researchers who follow responsible disclosure practices.