ISO/IEC 27001 certification

ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.

View certificate

Microsoft Certified Application

Yeeflow is certified by Microsoft as the online application which meet the required Security and Compliance from the Microsoft Cloud App Security. This security, data handling, and compliance information is intended to help organizations assess and manage risk in using Yeeflow.

View the online report

Privacy compliance and data processing addendum
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.

You can learn more about Yeeflow’s privacy practices in our Privacy Policy.

At any time, you may export data from Yeeflow to CSV files or by using the Yeeflow API.

Network and system security
When you visit the Yeeflow website or use one of the Yeeflow apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Yeeflow encrypts data using AES-256.

Yeeflow servers are located in the Singapore in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Yeeflow’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

Service reliability and durability
Yeeflow utilizes industry-leading Microsoft Azure hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Yeeflow maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Yeeflow implements extensive service monitoring, and our operations team is on call 24x7x365.

Product security
Within the Yeeflow product, collaborator permissions can be managed at the workspace level or the application level. These permissions allow you to control who you share a workspace or application with and whether they can modify the workspaces or applications that you’ve shared with them. Yeeflow also enables you to restrict access to the specific data and records from with the global system administrator permission.

Yeeflow supports SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan. 

Organizational and information security
Yeeflow vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

Yeeflow maintains separate production and testing environments.

Application security
Yeeflow runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Yeeflow commissions external penetration tests on a regular basis.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Yeeflow.

How to report an issue
If you believe you’ve discovered a security-related issue, please contact us at support@yeeflow.com.