Trust & Security

Security built into every platform.

Juno Maps builds software for government agencies, utilities, and infrastructure organizations that cannot afford a security incident. This page documents how we protect customer data across Smart Site Plan and Hubity, the compliance posture we maintain, and the commitments we hold ourselves to.

Last reviewed: April 2026

Commitments

Four principles that apply to every platform we ship.

Encryption everywhere

Data in transit is protected with modern TLS. Sensitive data at rest is encrypted with enterprise-grade encryption and unique keys per record. Insecure connections are rejected.

Data isolation by design

Customer data is logically isolated with per-customer access controls. Cross-tenant data access is prevented architecturally, not just at the application layer.

Zero-training AI policy

Where Juno Maps platforms use AI, your conversations and documents are never used to train, fine-tune, or improve any model. A contractual stance enforced with every AI provider Hubity works with.

Audit and accountability

Significant actions are logged with encrypted context. Hubity retains audit trails for six years with a tamper-evident audit export. Smart Site Plan covers audit needs per project.

Compliance

The posture we hold and the work in progress.

SOC 2 Type II

In Progress

Infrastructure providers are already SOC 2 certified. Company-level self-assessment is underway. We will publish the formal Type II report once issued.

GDPR / EU privacy rights

Active

Access, correction, deletion, and data export rights are supported for European data subjects across our platforms.

CCPA / US state privacy

Active

California and other US state consumer privacy rights are honored, including right to know, delete, and opt out.

US data residency (Hubity)

Active

All Hubity customer data is processed and stored in the United States. Smart Site Plan data residency is covered under the project agreement.

WCAG 2.1 AA accessibility

Active

Every page on junomaps.com passes WCAG 2.1 Level AA automated conformance checks via pa11y. Product accessibility is reported per platform.

Data Processing Agreement

Available

Standard DPA available on request for enterprise customers and covered data processing relationships.

By platform

Every platform carries the same principles and its own specifics.

Hubity

The productivity hub. Handles customer documents, knowledge bases, and AI-driven queries against uploaded company data.

  • Zero-training policy across all AI providers
  • Per-workspace data isolation
  • OWASP MCP Top 10 connector mitigations
  • Passwordless login, passkeys, and 2FA
Hubity Trust Center

Smart Site Plan

The geospatial platform. Handles parcel data, infrastructure records, and CAD/GIS project files for government agencies, utilities, and engineering firms.

  • Passkey and WebAuthn authentication
  • Two-factor authentication
  • SSL-encrypted connections
  • Read-only share links — collaborate without accounts
Smart Site Plan
Vulnerability disclosure

Found something? Tell us.

We welcome responsible security research on junomaps.com and its associated services. Report findings to security@junomaps.com. We acknowledge all reports within 48 hours.

  • Response time: acknowledgement within 48 hours
  • Safe harbor: no legal action against good-faith researchers
  • Recognition: valid reporters acknowledged with permission
  • In scope: junomaps.com and its associated services
  • Out of scope: third-party services, social engineering, denial-of-service

Product-level security contacts: Hubity — security@hubity.io. Full policy published at /.well-known/security.txt.

Procurement documents and direct contact.

DPA, privacy policy, and terms available on request. Security and compliance teams welcome to reach out directly.

Privacy PolicyTerms of Servicesecurity@junomaps.com