Security at Yeeflow

We're uncompromising in meeting industry-leading privacy and security standards.

Enterprise-grade protection for all users

Whether you have a Free or Enterprise plan, you and your content are secure.

01
ISO/IEC 27001 certification

ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.

02
Microsoft Certified Application

Yeeflow is certified by Microsoft as an online application that meets the security and compliance requirements of Microsoft Cloud App Security. This security, data handling, and compliance information is intended to help organizations assess and manage risk in using Yeeflow.

03
Privacy compliance and data processing addendum

We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.

You can learn more about Yeeflow’s privacy practices in our Privacy Policy.

04
Network and system security

When you visit the Yeeflow website or use one of the Yeeflow apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Yeeflow encrypts data using AES-256.

We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

05
Service reliability and durability

Yeeflow utilizes industry-leading Microsoft Azure hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Yeeflow maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Yeeflow implements extensive service monitoring, and our operations team is on call 24x7x365.

06
Product security

Within the Yeeflow product, collaborator permissions can be managed at the workspace level or the application level. These permissions allow you to control who you share a workspace or application with and whether they can modify the workspaces or applications that you’ve shared with them. Yeeflow also enables you to restrict access to the specific data and records from with the global system administrator permission.

Yeeflow supports OAuth 2.0 and SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan.

07
Organizational and information security

Yeeflow vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

08
Application security

Yeeflow runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Yeeflow commissions external penetration tests on a regular basis.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Yeeflow.

09
Compliance with Data Privacy Regulations

Yeeflow is dedicated to meeting global data privacy regulations, including the General Data Protection Regulation (GDPR) and other relevant frameworks. Our compliance strategy includes the following:

Data Subject Rights: Yeeflow empowers customers to manage data subject rights in compliance with GDPR and similar privacy regulations:

  • Right to Access: Yeeflow customers have full control over designing the data they store on the platform and can set access permissions accordingly. This flexibility allows organizations to align data storage and access with their privacy and security policies.
  • Right to Be Forgotten: Organizations using Yeeflow can delete user data as needed, ensuring complete removal from active systems and backups, following regulatory requirements.
  • Data Portability: We provide data export tools in commonly used formats, allowing users to transfer their data in line with data portability requirements.

Cross-Border Data Transfers: Yeeflow is hosted on the Microsoft Azure Singapore data center, which is located outside of the EU:

  • Data Residency: While the data is stored in the Singapore data center, customers have the flexibility to design their data management and storage practices to meet specific regulatory requirements.
  • Compliance with Transfers: Although not based in the EU, Yeeflow supports compliance by adhering to the necessary safeguards and standards for secure cross-border data transfers.

Data Processing and Protection: Our platform is designed with robust data protection measures to ensure compliance with global privacy regulations:

  • Data Minimization: Yeeflow provides customers the flexibility to determine which data to store, allowing them to adhere to the principle of data minimization.
  • Data Encryption: All data is encrypted in transit using secure encryption protocols. Yeeflow also offers custom fields for customers to encrypt personal data at rest, adding a layer of security tailored to customer needs.

Data Breach Response: Yeeflow has a comprehensive protocol to address potential data breaches:

  • Breach Notification: In compliance with GDPR and other data privacy regulations, Yeeflow commits to notifying affected customers and relevant authorities within 72 hours of a confirmed breach.
  • Investigation and Resolution: Our incident response team promptly investigates any incidents, implements remedial actions, and provides ongoing communication to customers regarding the situation.

10
Business Continuity

Yeeflow is designed with a comprehensive business continuity strategy to ensure platform availability and data integrity, even in the face of potential disruptions. Our business continuity measures include:

High Availability: Yeeflow’s architecture employs redundancy, load balancing, and a Service-Oriented Architecture (SOA) structure to maintain high availability:

  • Redundant Services: The platform features redundant front-end and logic services, which are balanced using Network Load Balancing (NLB) to ensure seamless service backup. The SOA structure allows for flexibility and scalability, reducing the impact of hardware failures or network issues on platform performance.
  • Database Redundancy: Yeeflow employs a master-slave database setup, enabling real-time replication of data. This redundancy allows uninterrupted access to data, even in the event of a primary database issue.

Data Backup and Recovery: Protecting your data is a top priority, and we have implemented a multi-tier backup strategy:

  • Real-time Binlog Backup: Our platform supports real-time binlog backups to capture ongoing changes in the database, ensuring data can be recovered to any specific point in time if needed.
  • Daily Incremental Backups: Yeeflow performs daily incremental backups at remote locations to protect against data loss, ensuring that the latest data changes are securely stored offsite.
  • Weekly Full Backups: In addition to incremental backups, we conduct full database backups weekly at remote locations to maintain comprehensive data protection.
  • Server Snapshots: Regular server snapshots allow for rapid recovery of the platform to a predefined environment in case of unexpected incidents.

Disaster Recovery Plan (DRP): Yeeflow has a robust Disaster Recovery Plan in place to address potential system disruptions:

  • Recovery Time Objective (RTO): Our DRP is designed to restore platform services within 4-8 hours, ensuring minimal downtime and continuity of business operations.
  • Recovery Point Objective (RPO): Yeeflow’s backup strategy aims to minimize data loss, with the ability to recover data to the point of the last real-time binlog backup.

DevOps and Continuous Updates: Yeeflow adopts DevOps practices to facilitate continuous updates and system deployment:

  • Automated Deployment: Our platform uses automated deployment pipelines to ensure updates are rolled out smoothly and with minimal interruption to users.
  • Monitoring and Alerting: Yeeflow employs advanced monitoring tools to continuously track system performance, automatically alerting our team of any irregularities that might indicate potential disruptions.