Yes, we know, every tech company tells you that security is a top priority for them, and in that regard, we are no different. But we really mean it and we want to share with you how we are enabling end-to-end secure commerce for the messaging era.
We use industry-leading third-party providers to have the best and most secure possible service. Before establishing a partnership with any of them, we ensure that they comply with the best security practices, and that they have certifications and audit reports that support them.
Our main service providers are:
Messages are protected by the same Signal encryption protocol that protects messages on secure messaging platforms like WhatsApp and Telegram. When customers message your Yalo business account, their messages are delivered securely to destinations chosen by you.
Our systems are in a Virtual Private Cloud (VPC), with access secured by role based access control. All system updates are performed in a secure way by automated tools. On top of that, by default, Yalo manages the cryptographic keys on your behalf using hardened key management systems. These systems include strict key access controls and auditing. Conversation data and metadata is encrypted under the Advanced Encryption Standard (AES).
We treat your data protection seriously. As specified by the international standard of ISO/IEC 27001:2013, we perform quarterly vulnerability assessments on all systems against known risks in information security. We also implement Cloud Security Posture (CSP) mechanisms for endpoint protection, triage and remediation of security-related incidents, as per the recommendations of the SOC-2 standard. We are committed to the continued hardening of our security posture with ISO 27007 and ISO 27018 and PCI DSS for the end of 2022.
Yalo is committed to the preservation, protection and due use of personal data. We have implemented the following security controls that align with applicable regulations and laws, such as the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), the Personal Data Protection Regulation (GDPR), among several others: