Trust & Security
Built for regulated teams, and stated plainly.
Juncture handles pharma content, so its data, identity and compliance posture is written as fact, with the roadmap kept clearly separate. GDPR compliant. Your content is never used to train models and runs on Azure OpenAI. SSO via Microsoft Entra, role-based access, and encryption in transit and at rest.
01/Data and privacy
Your content stays yours.
Juncture is built for regulated pharma teams, so the data posture is plain and stated as fact. GDPR compliant. Your content is never used to train models and runs on Azure OpenAI. Encryption in transit and at rest, with customer-controlled retention and deletion on request.
02/Access and identity
Who gets in, and what they can do.
Access is wired to your identity provider and scoped to a role. SSO via Microsoft Entra with SAML and OIDC, role-based access control, and a named user behind every action.
03/Compliance
Designed to support 21 CFR Part 11.
Juncture provides the technical controls for 21 CFR Part 11: a time-stamped, tamper-evident audit trail, e-signature sign-off, and role-based access control. You validate it for Part 11 use under your own SOPs.
Audit trail
Time-stamped and tamper-evident.
Every check, change and decision is recorded with who did it and when. The trail is the record a reviewer relies on, and it cannot be quietly edited after the fact.
E-signature
Sign-off attributed to a person.
An approval is captured as an electronic signature bound to a named user. The sign-off is on the record next to the asset it cleared.
Access control
The right people, the right rights.
Role-based access control limits who can review, approve and sign. Signing authority is scoped to the roles you assign, so accountability is clear.
Where the line sits
Juncture provides the controls. Your quality team validates the system for Part 11 use under your own SOPs and keeps the validation evidence. We do not describe Juncture as "Part 11 compliant" or "Part 11 validated", because that determination is yours to make and to own.
04/Your responsibility vs ours
Decision support, not a sign-off.
Juncture is decision support. It backs your reviewers with a checked asset and a clear record. It does not replace the required regulatory, medical or legal review, and the accountable decision stays with the people who sign it.
What Juncture does
Ours.
- Pre-check an asset against the approved label and cite the clause behind every verdict.
- Provide the technical controls: audit trail, e-signature sign-off, and role-based access.
- Monitor how AI engines answer about your brand and flag drift against the label.
What stays with you
Yours.
- The accountable regulatory, medical and legal review. Juncture supports it, it does not replace it.
- The final approval decision, made by your named reviewers under your SOPs.
- Validating the system for Part 11 use and keeping your own validation evidence.
05/On the roadmap
In progress, not yet shipped.
The items below are roadmap commitments, not current facts. We list them here, clearly separated from what Juncture provides today, so there is never any doubt about which is which.
SOC 2
We are working toward a SOC 2 examination. It is not complete, and Juncture does not hold a SOC 2 report today. We will say so here when it does.
Veeva Vault PromoMats connector
A live connector to route a cleared asset and its record straight into Veeva Vault PromoMats is in development. It is not yet generally available.
Further certifications
Any additional certifications or attestations we pursue will be listed here as planned or in progress until they are issued. We do not claim a certification before it exists.
06/Trust questions
Questions about trust and security
Bring it to your security team
See the controls on your own asset.
Bring an asset and a brand. We will walk your team through the audit trail, the sign-off, the access model and the data path, on a live pre-check.