YData, Lda is not a cloud service provider; however, we use providers that host our services in their own data centers, such as Google, Microsoft and Amazon Web Services. They are leading cloud infrastructure providers with top-class security standards. They are able to respond quickly to both operational and security issues, and they have well-defined change management policies and procedures that determine when and how change occurs.
Google is compliant with the following standards:
Amazon is compliant with the following standards:
Azure is compliant with the following standards:
Both physical access perimeters and entry points are strictly controlled by professional security personnel. Authorized personnel must pass a minimum of two-step verification to gain access to the authorized center floors.
We have applied internal security policies that are in line with the industry standard ISO 27001. We regularly train our employees in security and privacy awareness, covering both technical and non-technical roles. Training materials are developed for individual roles so that employees can fulfill their responsibilities appropriately.
Users can log in via Security Assertion Markup Language (SAML), Google Sign-In or OpenID services. Our sign-up forms are designed so that the user can be easily identified, using details such as name, email ID, and more.
All requests in the YData API must be approved. Data writing requests require at least reporting access as well as an API key. Data reading requests require full user access as well as application keys. These keys act as bearer tokens to allow access to the YData service functionality. We also use Auth0 for user identification. Auth0 never saves the password itself, because the password is encrypted when the user logs in and is compared with Auth0's encrypted password to check whether the user is using the correct password.
The user can change and save the password as he wishes. The user can use all types of characters to strengthen his password.
User-uploaded information or data is considered confidential by us and is stored in encrypted form from the public network. Data for a limited time without user request, not allowed to come out.
All data sent by users is protected using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS). The application is usable if encrypted communication is compromised.
User-uploaded data is not transferred from one data center to another. Encryption is used in many places to protect customer information, such as: AES-256 encryption at rest, asymmetric encryption (PGP) for system backups, KMS-based protection for privacy protection, and GPG encryption.
Users can use the data stored for business or administrative purposes, but they have to go through many security levels, including multi-factor authentication (MFA).
Our frontend framework, React (originally maintained by Facebook), is combined with unique user tokens to protect your users against common threats such as cross-site scripting (CSS / XSS) and cross-site request forgery (CSRF / XSRF). This makes it impossible for the user to access data from another user's account.
The cloud service providers used by YData, Lda are compatible with the General Data Protection Regulation (GDPR). GDPR is working to expand its products, methods and processes to fulfill its responsibilities as a data processor.
YData's security and privacy teams have established a vendor management program that determines the need for YData to be approved when it involves third parties or external vendors. Our security team recognizes that the company’s information resources and vendor reliance are critical to our continued activities and service delivery. These spaces are designed to evaluate technical, physical and administrative controls and ensure that it meets the expectations of it and its customers.
It is a monitoring service for infrastructure and applications. Our CCPA compliance process may provide additions so that our customers can fulfill their obligations under the CCPA if there is access to personal data, while we make no plans to transfer, process, use or store personal information.
Your communication with us and with our servers is SSL/TLS encrypted. We protect our servers from DDoS, SQL injection and other fraudulent activities. Anyone who intercepts the data transfer can only see a jumble of characters, which is almost impossible to decrypt. All data in our database is encrypted with industry-standard AES-256.
The data stored in the bucket and database is distributed and copied to different servers. If a bucket or database fails, it is usually recovered from a different server without affecting other users.
Databases are backed up on a daily basis and can be restored if the software or server fails significantly. Backups are stored in various European data centers for extra protection.
It is not possible for us to recover individual customer information - if you delete something in your account, it will be permanently deleted and we will not be able to recover it.
The functionality of our applications and databases is monitored 24/7 through built-in monitoring tools provided by Google, Azure and Amazon Web Services. Internal errors or failures of our various integrations trigger logging and notifications. This usually helps us to identify the problem very quickly and remedy the situation.
If something serious happens and your data is damaged (such as a data breach), we will disclose it in full, as required by GDPR. Transparency is important to us and we will provide you with all the necessary information to properly assess the situation and potential impact. So far no customer data has been compromised and we aim to keep it that way.
Please let us know if you find any bugs related to our security; we will try to resolve the issue. Please do not disclose it until the problem is solved.