Peace of Mind: Data Security at Justworks

At Justworks, we deal with the sensitive personal and financial information of our customers and their employees, day in and day out. It’s a responsibility we take incredibly seriously. Here’s how we safeguard your data.

Securing Your Data

Justworks follows industry-standard best practices to ensure the highest levels of security. That means taking steps like these:
  • Employing firewalls, HTTPS, and bank-level encryption to secure networks, communications, and data for a higher level of security and privacy

  • Authenticating over SSL/TLS (Transport Layer Security) and tokenizing and storing data in an encrypted data store

  • Storing data in a private cluster that’s only accessible via two-factor authentication to provide added physical and technical access protection

  • Segregating and tokenizing all sensitive data, to add an extra layer of data protection

  • Staying up-to-the-minute on security updates to software libraries, and applying any patches or bug fixes as needed to protect from threats

  • Performing daily vulnerability scanning and assessment, as well as quarterly audits and risk assessments on services and data stores to ensure we are adhering to our internal security policy requirements

  • Maintaining internal security policies relating to, among other areas, network security, logical access, credentialing, passwords, and data classification

  • Working with consultants and outside counsel to ensure that our processes and controls are consistent with best practices

  • Representing in our customer service agreement that we will maintain a security program consistent with industry standards

Questions? We've Got You Covered.

What information does Justworks collect and safeguard?

Justworks does not gather credit card information, medical information, or passport information (except to the extent an employee puts such information on their I-9). We do, however, collect bank account information and enrollment/census related information (e.g., name, address, SSN, and DOB). Employee census data is sent via a secure electronic data interchange (EDI) to our third-party underwriter for health insurance purposes. The underwriter feeds the information into a database and underwriting model, which returns a risk score based on the entire group.

Does Justworks require an application programming interface (API) or other integration with your system?

No. Customers and their employees and contractors access Justworks services by secure login on Justworks’ platform, with no API required. However, you do have the option to integrate your accounts with Xero, QuickBooks, and QuickBooks Online.

What is your server environment?

Justworks uses Amazon Web Services (AWS) for services related to server hosting, physical and environmental protection, network management, and disk storage supporting the Justworks application. All of Justworks' data is hosted by AWS in the U.S. Justworks uses AWS's EC2, RDS and CloudWatch services, among others. Physical security and environmental controls ensure that access to hosted data is restricted to appropriate personnel. Justworks processes Personally Identifying Information (PII) in the U.S., and our Customer Service Agreement (CSA) only allows for covered employees who work and reside in the U.S. Justworks also has IT general computer controls around applications, systems, and security services provided to Justworks.