Security & Trust

Junior is an AI coworker that acts inside your tools — so control and data protection aren't add-ons, they're the design. This page is a plain, honest account of how we handle your data and where our compliance program stands today. Junior is operated by Kuse AI, Inc.

You approve before it acts

The core of Junior's security model is that you stay in control. It is approval-gated by default:

  • For customer-facing actions — sending an email, writing to your CRM — Junior drafts and waits for one-click approval rather than acting on its own.
  • Every action Junior takes is logged with who approved it, giving you a clear activity record of what happened and when.
  • You choose which tools and channels Junior can access, and you can tighten or loosen that scope per workflow.

Compliance & certifications

SOC 2 Type II
Audit in progress
Our SOC 2 Type II audit is currently underway. No report has been issued yet — we will publish it on completion. To request current status or a security review, email [email protected].
GDPR
Aligned
We process personal data on GDPR legal bases and honor EEA/UK/Swiss data-subject rights. See the Privacy Policy.
CCPA / CPRA
Compliant
We honor California (and equivalent U.S. state) privacy rights, and we do not sell your personal information.
AWS Marketplace
Listed
Junior is available to purchase through the AWS Marketplace, so enterprise buyers can procure it on their existing AWS agreement.
Slack App Directory
Listed
Junior is published in the Slack App Directory — Slack reviews an app's OAuth scopes and security posture before it can be listed.

Approved & listed

Junior isn't just self-published. It has been through the review processes required to be distributed on the platforms enterprises already trust:

  • Slack App Directory. Junior is listed in the Slack App Directory — Slack reviews an app's OAuth scopes, security posture, and store listing before approving it for the directory.
  • AWS Marketplace. Junior is available on the AWS Marketplace, so it can be procured and billed through your existing AWS account.

How Junior protects your data

  • Encryption in transit and at rest. Data is encrypted in transit (TLS/SSL) and at rest.
  • Access controls. Access to systems and data is protected by authentication and access-control mechanisms.
  • Used only to run the service. Your data is processed to provide Junior's functionality — we do not sell your personal information.
  • Retention & deletion. Data is retained only as long as needed, and you can request deletion of your data (including AI interaction logs) at any time, subject to legal obligations. See the Privacy Policy for retention periods.

Credentials & connections

Junior connects to your tools via OAuth wherever the provider supports it — you authorize the connection, Junior acts only with the permissions you grant, and you can revoke access at any time from the connected tool or from Junior. Junior operates under the scope you approve, not broad standing access you didn't intend.

Infrastructure & sub-processors

Junior runs on reputable cloud infrastructure and relies on a vetted set of third-party service providers (for example, hosting and frontier model providers) to deliver the service. Junior routes work to frontier models — Claude among them — under our data agreements with those providers. The categories of providers and data sharing are described in the Privacy Policy.

Responsible disclosure

If you believe you've found a security vulnerability, please email [email protected] with the details. We'll acknowledge your report and work with you to validate and address it. Please give us reasonable time to remediate before any public disclosure.

Questions from your security team?

We're happy to walk through our controls or share our current SOC 2 status. Email [email protected], or start with a free trial and see the approval gates for yourself.

Try Junior free → $100 credit