Security and Backup Policies

Some Key Upfront Info

The most important thing to state at the start is that Jotto is a private communications tool. Our customers use Jotto to privately share confidential information with their teams/companies. We take this confidentiality very seriously. Each team "instance" is silo-ed, both in terms of content and user authorization. The content is available only to authorized users (as set by the team's administrators). There is no way to "open up" a Jotto instance to the public, and there is no way to share content across Jotto instances.

This means that the content and files that a group posts to their instance of Jotto belongs to that group, and can only be accessed by that group. You can check out privacy policy here


All Jotto content is stored in a secure database hosted on Heroku (owned by and on Amazon Web Services. All information is transmitted securely over https. Our use of cloud infrastructure services allows for excellent security, uptime and scalability.

How information is stored and accessed

Every Jotto instance is private and can only be accessed by authorized users, as determined by the instance administrator. Administrators can choose to authorize users in two ways: 1. through Google authorization for a domain, or 2. by inviting user emails on an individual basis. All passwords are stored in an encrypted format.

There's No "God" Mode Here

  • We do not access client instances (the private team sites) ourselves.
  • We do not read user content on their instance.
  • We do not run screen capture software (like Inspectlet, Mouseflow or Fullstory) on any customer instances.
  • We do not run any sort of analysis, semantic or otherwise, on the content posted by users on their instances.

We do look at metrics on overall usage, i.e. the number of active teams, new posts, and new comments/reactions. However, for the avoidance of any doubt, we'll repeat that we don't look at the content of those posts/comments/reactions, just aggregate numbers.

You can check out privacy policy here.


Jotto automatically runs our own database backups to ensure continuity in the event of a problem. We also enable our customers to download a structured (json) copy of their posts.