CJI Customer Journey Intelligence
Security

Security at CJI.

CJI operates at the edge of regulated-firm data. Our alpha partners are banking professionals evaluating customer journey intelligence from inside corporate networks. We treat security as a load-bearing requirement, not a marketing badge. This means being specific about what we have built, honest about what we have not yet attained, and reachable when something goes wrong.

System overview

System Architecture Overview.

Three independent surfaces, one auth boundary, one immutable audit trail. The diagram below summarises the request flow that powers every authenticated CJI surface.

CJI authenticated request flow A browser request travels from the partner laptop through Cloudflare to a Worker that validates the JWT at the auth boundary, then reaches D1 for session and audit storage. Public marketing pages bypass the auth boundary. Browser Partner laptop Cloudflare TLS · WAF · CDN Worker Edge bouncer · JWT D1 Sessions · audit AUTH BOUNDARY JWT verified · invalid → login Public marketing pages (cjipro.com) bypass the auth boundary entirely.

For the full technical breakdown, see /security/architecture/.

Where to start

Three pages.

Standards

What we align with, what we do not yet hold, and where we are heading.

/security/standards/ →
Architecture

How customer journey signal flows through CJI without leaking.

/security/architecture/ →
Disclosure

RFC 9116 security.txt contact for researchers.

/.well-known/security.txt →
April 2026

Current production state.

These capabilities are live in production and verifiable.

  • Live UK GDPR-compliant privacy notice with a named data controller at /privacy/. No analytics, no tracking pixels, no cookies on the public surface.
  • Live RFC 9116 security disclosure contact at /.well-known/security.txt. Preferred channel: [email protected].
  • Live Cloudflare-fronted hosting with TLS 1.3 termination and DDoS mitigation on all public paths.
  • Live WorkOS-backed authentication: magic-link only, no passwords stored, passkeys supported.
  • Live Allowlist-based admission with manual administrator approval for every new account.
  • Live Hash-chained immutable audit log for all authentication events.
  • Live Per-tenant audit log export (JSONL or CSV).
  • Live Cloudflare Worker edge bouncer enforcing JWT validation on every authenticated request.
  • Live WAF rate-limiting at the Cloudflare edge.
  • Live Zero Entanglement rule between public market signal and private telemetry, enforced at build time.
  • Live Public sample briefing at /insights/sample-briefing/ uses entirely synthetic data.
Honest accounting

What CJI does not yet hold.

We are in early alpha. The items below are on the roadmap.

  • Planned SOC 2 Type 1 — readiness assessment underway; an independent auditor has not yet been engaged. We will not claim compliance until the report is issued.
  • Evaluating ISO 27001 — under evaluation. Our current controls are consistent with the standard's intent.
  • Evaluating Cyber Essentials Plus — under evaluation.
  • Planned Independent penetration test — planned before first enterprise contract.
  • Out of scope HIPAA and PCI DSS — CJI processes neither health nor payment card data.

If the absence of any item above is a blocker for your organisation, please tell us. Email [email protected] — we will be direct about timelines.

Get in touch

Contact.

Security disclosures[email protected] (preferred channel). We acknowledge within 5 business days. 90-day responsible disclosure policy, with possible extension upon written agreement.

General enquiries, partnerships, data-subject rights[email protected].

Machine-readable disclosure/.well-known/security.txt