Security

Security and data control as a baseline.

Jurono is for firms that need clear answers on data, access, audit trails, and GDPR before adopting new software.

Protection
Bank-grade security principles
Traceability
Audit trails and security events
Control frame
SOC 2-oriented guardrails
Privacy
GDPR and DPA-ready processes

Technical security facts#

Server location
Often unclear across tool chains
Germany (Frankfurt am Main) — target architecture
Encryption
Often communicated vaguely
TLS 1.3 in transit; AES-256-GCM planned for especially sensitive content
Backups
Inconsistent routines
Daily backups with 30-day retention — planned
DPA
Frequently delayed in procurement
Available on request for contract review

Security firms can evaluate#

For Jurono, security is not just reassurance. It is a buying criterion. Firms need to understand who has access, which actions are traceable, how data is protected, and which controls hold up in daily work.

That is why this page is written concretely: not as a list of technical acronyms, but as a reviewable baseline for partners, firm leadership, data protection contacts, and IT stakeholders.

Foundation

Bank-grade security principles

Jurono follows protection principles firms expect from sensitive industries: encrypted connections, strong authentication, secure password handling, reduced attack surface, and consistent logging.

Traceability

Audit trails

Access, changes, document actions, security events, and relevant system activity are designed to be captured as audit information so firms can later review what happened.

Controls

SOC 2-oriented guardrails

Jurono uses SOC 2 as an orientation for controlled development: access restriction, change review, logging, incident processes, ownership, and continuous improvement.

Data protection

Encryption

The platform uses encrypted transport. For especially sensitive communication and file content, AES-256-GCM and server-side encryption are part of the security building blocks.

Least privilege

Roles and access

Access is limited by role, responsibility, and firm context. The product follows the principle: as much access as necessary, as little access as possible.

Compliance

GDPR and data control

DPAs, subprocessor review, export and deletion workflows, retention logic, and data subject rights are part of product and process planning.

What this solves psychologically#

For law firms, security is not only an IT topic. It answers regret aversion: what happens if switching later turns out to be a mistake? What happens during an access incident? What happens if data activity cannot be reconstructed?

Jurono addresses these concerns with transparency instead of vague reassurance.

Vorher / Before

We have to hope a new tool handles matter data carefully.

Jurono

We can review the protection layers, controls, and audit trails that are planned.

Security architecture in daily work#

  1. 1. Secure access

    Authentication, secure password handling, session logic, and security events protect access to the platform.

  2. 2. Make actions traceable

    Audit trails document relevant access and changes, so firms are not left guessing when something needs to be reviewed.

  3. 3. Protect data

    Encryption, secure storage, PII redaction, and upload protection reduce risk around confidential content.

  4. 4. Improve controls

    SOC 2-oriented guardrails help security processes mature in a structured way without implying certification that does not yet exist.

Security and procurement assets#

Security one-pager

One-page facts on hosting, encryption, access, and audit trails. Request one-pager →

DPA template

Data processing agreement template for your firm records. Request DPA template →

TOM overview

Technical and organisational measures for data protection officers and IT contacts. Request TOM overview →

Subprocessor list

Overview of subprocessors involved or planned in processing. Request list →

Hosting & backups

Location, infrastructure, backup rhythm, and retention at a glance. Request overview →

Controls roadmap

What is already in place and which security controls are planned next. Request roadmap →

Implemented and planned security controls#

ControlStatus
TLS 1.3 in transitImplemented
Germany (Frankfurt) server locationTarget architecture
Daily backups with 30-day retentionPlanned
Audit trails for access and changesPlanned
AES-256-GCM for especially sensitive contentPlanned
DPA for contract reviewAvailable on request
SOC 2 report or certificationRoadmap
Read GDPR notes Request security one-pagerHome