Trust Centre

At Joinly and Koppelhet, trust is central. Our customers trust us with their most valuable data: personal data, business data, and sensitive information. Therefore, we ensure that security, privacy, and availability are not just promises but are embedded in our product, our processes, and our team.

GDPR / AVG

We fully comply with the requirements of the General Data Protection Regulation (GDPR).

  • Data is processed solely for clear and defined purposes.

  • Customers always retain insight and control over their data.

  • We have appointed a Data Protection Officer (DPO) and conduct regular audits.

We fully comply with the requirements of the General Data Protection Regulation (GDPR).

  • Data is processed solely according to clear purposes.

  • Customers always retain insight and control over their data.

  • We have appointed a Data Protection Officer (DPO) and conduct periodic audits.

GDPR Statement

Download our GDPR statement

ISO 27001

Our processes are aligned with the international ISO 27001 standard for information security. This ensures that we manage risks and security measures in a structured and controlled manner. We are ISO 27001 certified and undergo annual audits by Digitrust.

Our processes are structured according to the international ISO 27001 standard for information security. This guarantees that we handle risks and security measures in a structured and controlled way.

We are ISO27001 certified and are audited annually by Digitrust.

ISO27001 Certificate

View ISO27001 Certificate

Pentest

Our applications are regularly tested by independent security experts through penetration tests.

Any findings are promptly resolved and integrated into our development process.

The most recent pentest was conducted by Threadstone.

Our applications are regularly tested by independent security experts through penetration tests.


Any findings are immediately addressed and integrated into our development process.


The most recent pentest was conducted by Threadstone.

Pentest report

Request pentest report

Security

We embed security into every layer of our infrastructure and application.


Encryption

  • Database: All databases are secured with SHA256 encryption, both at rest and in transit.

  • Application layer: Sensitive data is additionally hashed and encrypted using SHA256.

  • Communication: All data traffic is encrypted via SSL/TLS.


Locations

All data and resources are exclusively hosted in Amsterdam (NL).

Secure Development

  • We develop securely following OWASP guidelines

  • Code reviews and security checks integrated into our CI/CD pipelines.

  • Annual penetration tests are conducted by external security specialists (Threadstone).

  • We publish a security.txt file to support responsible disclosure.

We build security into every part of our infrastructure and application.


Encryption

  • Database: Databases are secured with SHA256 encryption, both at rest and in transit.

  • Application layer: Sensitive data is further hashed and encrypted (SHA256).

  • Communication: All data traffic is encrypted via SSL/TLS.


Locations

All data and resources are hosted exclusively in Amsterdam (NL).


Secure Development

  • Secure development according to OWASP guidelines.

  • Code reviews and security checks in CI/CD pipelines.

  • Annual penetration testing by external security specialists (Threadstone).

  • We publish a security.txt file for responsible disclosure.

Availability

Our customers rely on continuous access. That’s why we monitor our systems 24/7 and use scalable cloud infrastructure.

  • Uptime: 99.9% average uptime, 99.7% minimum uptime.

Our customers rely on continuous access. That's why we monitor our systems 24/7 and use scalable cloud infrastructure.

Privacy and data

We are a processor of personal data and offer our customers a transparent Data Processing Agreement (DPA). This outlines how we handle personal data and how we comply with the GDPR.

Wij zijn verwerker van persoonsgegevens en bieden onze klanten een transparante verwerkersovereenkomst (DPA). Deze legt vast hoe wij omgaan met persoonsgegevens en hoe wij voldoen aan de AVG.

DPA (Data Processing Agreement)

Request our standard data processing agreement.

DPA (Data Processing Agreement)

Request our standard data processing agreement.

Why this is important

We believe that trust is the foundation for collaboration. By making our processes, technology, and certifications transparent, we provide customers with the assurance that their data is processed securely, available, and in compliance with regulations.

Browsing is free

Ready to integrate all your applications?

With Joinly, you turn identity & access management into a streamlined process. From HR data to Entra access: fully automated, secure, and scalable.

Schedule a demo

Browsing is free

Ready to integrate all your applications?

With Joinly, you turn identity & access management into a streamlined process. From HR data to Entra access: fully automated, secure, and scalable.

Schedule a demo

Browsing is free

Ready to integrate all your applications?

With Joinly, you turn identity & access management into a streamlined process. From HR data to Entra access: fully automated, secure, and scalable.

Schedule a demo