Security at Joggr

Joggr is trusted by top technology companies to maintain their engineering organization's central knowledge base.

SOC 2 Program

Joggr's security program is SOC 2 ready* with all of the necessary controls in place.
*Joggr is NOT currently certified but is working towards a certification.

GDPR

We help all of our clients, inside and outside of the EU, comply with GDPR.

Data Privacy

Our strict data privacy policy applies to all users, regardless of their location.

Platform

Our platform is designed from the ground up with security in mind, be it our multiple layers of encryption or our secured API design.

Authorization

Our authorization mechanism relies on your VCS's permissions as the source of truth: remove a user from GitHub and they lose access.

Product Security

Our Product Security Program includes testing & scans for every commit to our codebase & active deployment in production.

Common Questions

Joggr is an internal knowledge base built for software developers that leverages best-in-class security tooling from companies such as Auth0, Google Cloud, and Semgrep.
Does Joggr store my code?
Joggr stores references to portions of your code, which is stored in your Version Control System (VCS), such as GitHub. We do not store your codebase in our database.
How does Joggr handle authorization?
Joggr's authorization model is based upon the permissions you set in your Version Control System (VCS), such as GitHub. This means that if you remove access to a repository or organization in GitHub, the user immediately loses access in Joggr to all documentation related to those entities.
What GitHub permissions does Joggr need?
Our application needs read & write access to your repository, since all of your documentation is stored in GitHub. When a user onboards, they authorize access to GitHub, and we make commits, open pull requests, and perform other operations on their behalf. All of our access is driven by the current authenticated user. We will never make changes to your code, only to Joggr Doc markdown files.
Is Joggr GDPR Compliant?
Yes, we work with all of our clients to make sure they are GDPR compliant while using Joggr. We provide a Data Processing Addendum (DPA) that describes our Technical and Organizational Security Measures. For more information please contact our security team.
Is Joggr SOC 2 Type II Compliant?
Joggr does not currently have a SOC 2 Type II attestation. We have a SOC 2 ready security program and are working towards a SOC 2 in the near future.
Is Joggr PCI compliant?
Joggr does not store personal credit card information for any of our customers. We use Stripe to securely process payments and trust their commitment to top-notch security. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
Does Joggr encrypt data?
Yes, all data is encrypted at rest (AES-256) and in transit (HTTPS / TLS). Additional client-side encryption and decryption is utilized for sensitive data such as GitHub authorization tokens.
Does Joggr conduct regular penetration testing and vulnerability scans?
Yes, every line of code in our codebase is reviewed by a human and scanned for vulnerabilities prior to deployment. In addition, continuous scans are run on our codebase daily to detect vulnerabilities. Penetration tests are conducted by third-party experts once per year, in addition to continuous scans completed using Google Cloud's Security Command Center.
Does Joggr back up data?
Yes, data is backed up in its entirety once per day and point-in-time recovery is enabled for up to 7 days.
Does Joggr have a bug bounty program?
No, we do not currently have a bug bounty program but you can report security vulnerabilities here.

Responsible Disclosure

Reach out to our security team to disclose any security vulnerabilities.
