We also speak
We also speak
We also speak
get in touch
homeaboutindustriesNEWSblogSuccess StoriesDocumentationcareersSecurityEVENTSpartnersloginget in touch

Security at Yalo


Yalo operates in a secure cloud environment

Our systems are in a Virtual Private Cloud (VPC), with access secured by role based access control. All system updates are performed in a secure way by automated tools.

Your customer conversations are end-to-end encrypted

Privacy is part of our DNA. Messages are protected by the same Signal encryption protocol that secures messages on secure messaging platforms like WhatsApp, Signal, and Telegram. When customers message your Yalo business account, their messages are delivered securely to destinations chosen by you.

Conversational data is stored in a secure, encrypted data warehouse

By default, Yalo manages the cryptographic keys on your behalf using hardened key management systems. These systems include strict key access controls and auditing. Conversation data and metadata is encrypted under the Advanced Encryption Standard (AES).

We adhere to the
industry standards you expect

We treat your data protection seriously. As specified by the international standard of ISO/IEC 27001:2013, we perform quarterly vulnerability assessments on all systems against known risks in information security.
Our security practices are built around industry norms like ISO 27001:2013. We expect to achieve compliance with this standard by December 2022. If you are a partner and would like a walkthrough of our security roadmap, please write infosec@yalochat.com.
We implement Cloud Security Posture (CSP) mechanisms for endpoint protection, triage and remediation of security-related incidents, as per the recommendations of the SOC 2 standard. We are SOC 2 Type I compliant and are planning full SOC 2 Type II compliance by May 2022.

We use industry-leading providers

Yalo uses third-party providers to provide the best possible service.
Before establishing a partnership with any of them, we ensure that they
comply with our security practices, and that they have certifications
and audit reports that support them. Our main service providers are:
  • Google Cloud: Cloud infrastructure and servers; databases and analytics.
  • Amazon Web Services: Customer integrations and connections to third parties.
  • FusionAuth: Provider of Identity and Access Management (IAM) for platform services.
  • WhatsApp/Facebook: Partners for receiving and delivering messages to users.

Your customers' privacy is our first priority

Yalo is committed to the preservation, protection and due use of personal data. Our platform is designed to ensure privacy and security of end users while using our services. As a company committed to the protection and confidentiality of our client's personal data, we have implemented measures in compliance with the corresponding regulations for its adequate safeguard and sue, such as:
  • Protected information at rest, transit, and during its processing.
  • Network perimeter security, logical access control, etc.
  • Access, Rectification, Cancellation and Opposition requests (ARCO rights) handled centrally at the times stipulated by law.
  • Masking of Personally Identifiable Information (PII) to avoid storing such confidential information in a database.
Platform functionalities, as well as integrations with other external applications, can be customized for each client. In this way we can meet the different safety and use requirements.

For more information contact infosec@yalochat.com


Proximity is power

We have a team and office near you


Mexico City


San Francisco








São Paulo