Yes, we know, every tech company tells you that security is a top priority for them, and in that regard, we are no different. But we really mean it and we want to share with you how we are enabling end-to-end secure commerce for the messaging era.
1. We partner with the best
We use industry-leading third-party providers to have the best and most secure possible service. Before establishing a partnership with any of them, we ensure that they comply with the best security practices, and that they have certifications and audit reports that support them.
Our main service providers are:
- Google Cloud: Cloud infrastructure and servers; databases and analytics.
- Amazon Web Services: Cloud service provider. We use AWS primarily for the creation of integrations with customers and third parties.
- FusionAuth: Provider of Identity and Access Management (IAM) for platform services.
- WhatsApp/Facebook: Partners for receiving and delivering messages to users.
2. All customer conversations are end-to-end encrypted
Messages are protected by the same Signal encryption protocol that protects messages on secure messaging platforms like WhatsApp and Telegram. When customers message your Yalo business account, their messages are delivered securely to destinations chosen by you.
3. We operate in a secure cloud environment and all data is stored in a secure, encrypted data warehouse
Our systems are in a Virtual Private Cloud (VPC), with access secured by role based access control. All system updates are performed in a secure way by automated tools. On top of that, by default, Yalo manages the cryptographic keys on your behalf using hardened key management systems. These systems include strict key access controls and auditing. Conversation data and metadata is encrypted under the Advanced Encryption Standard (AES).
4. And of course, we adhere to the industry standards you expect
We treat your data protection seriously. As specified by the international standard of ISO/IEC 27001:2013, we perform quarterly vulnerability assessments on all systems against known risks in information security. We also implement Cloud Security Posture (CSP) mechanisms for endpoint protection, triage and remediation of security-related incidents, as per the recommendations of the SOC-2 standard. We are committed to the continued hardening of our security posture with ISO 27007 and ISO 27018 and PCI DSS for the end of 2022.
5. We ensure the privacy and security of end users while using our services
Yalo is committed to the preservation, protection and due use of personal data. We have implemented the following security controls that align with applicable regulations and laws, such as the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), the Personal Data Protection Regulation (GDPR), among several others:
- Updated Privacy notice, which specifies that Yalo will only use personal information to provide the right conversational service with the client.
- Protected information at rest, transit, and during its processing. Security controls include the aforementioned: data encryption in the database, use of secure transmission protocols, network perimeter security, logical access control, etc.
- Access, Rectification, Cancellation and Opposition requests (ARCO rights) are handled centrally at the times stipulated by law: infosec@yalochat.com.
- The information can be masked when it is not necessary to provide the service. In this way personal information would not be stored in the database.
ResourcesB2B CommercePartners
.png)
