Security at Yeeflow
Yeeflow was founded on the belief that software shouldn’t dictate how you work—you should dictate how it works. The real-time collaborative Yeeflow platform empowers people to design a near-infinite number of useful apps of their own, without ever having to learn how to code. From collaborative editorial planning, to managing global marketing campaigns, to powering the entire back office of an organization, Yeeflow is empowering non-technical workers from all walks of life to rethink decades-old business practices in every industry imaginable.
The flexibility of Yeeflow enables a range of sensitive and mission-critical use cases. As such, we consider privacy and security to be core functions of our platform, as well as foundational requirements for all new feature development. Earning and keeping the trust of our users is our top priority, so we hold ourselves to the highest privacy and security standards.
ISO/IEC 27001 certification
ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.
Microsoft Certified Application
Yeeflow is certified by Microsoft as the online application which meet the required Security and Compliance from the Microsoft Cloud App Security. This security, data handling, and compliance information is intended to help organizations assess and manage risk in using Yeeflow.
Privacy compliance and data processing addendum
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
At any time, you may export data from Yeeflow to CSV files or by using the Yeeflow API.
Network and system security
When you visit the Yeeflow website or use one of the Yeeflow apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Yeeflow encrypts data using AES-256.
Yeeflow servers are located in the Singapore in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Yeeflow’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.
We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
Service reliability and durability
Yeeflow utilizes industry-leading Microsoft Azure hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Yeeflow maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Yeeflow implements extensive service monitoring, and our operations team is on call 24x7x365.
Within the Yeeflow product, collaborator permissions can be managed at the workspace level or the application level. These permissions allow you to control who you share a workspace or application with and whether they can modify the workspaces or applications that you’ve shared with them. Yeeflow also enables you to restrict access to the specific data and records from with the global system administrator permission.
Yeeflow supports SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan.
Organizational and information security
Yeeflow vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Yeeflow maintains separate production and testing environments.
Yeeflow runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Yeeflow commissions external penetration tests on a regular basis.
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Yeeflow.
How to report an issue
If you believe you’ve discovered a security-related issue, please contact us at firstname.lastname@example.org.