Security Statement

Yeti Marketing takes measures to avoid and nullify attempts by third-parties to compromise data of users of Yeti Marketing. This document details the measures that we have taken while building and deploying the software.

Security Measures

API authentication happens with OAuth 2.0 for both client and user access. At code level, CSRF, Form tampering, SQL Injection and XSS prevention have been deployed. Cloudflare is used as a Firewall. Network is SSL encrypted. Data access happens through multi-factor authentication and data is encrypted in transit and at rest.

Compliance

The environment that hosts Yeti maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports.

Availability & Recovery

Our infrastructure will run on systems that are fault tolerant, for failures of individual servers or even entire data centers. Customer Data will be stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Customer Data and our source code are automatically backed up nightly.

Confidentiality

We place strict controls over our own access to the data. We have technical controls and audit policies in place to ensure that if any, access to Resources is logged. We do a review of these policies routinely every 90 days along with security audits. All of our employees and contract personnel are bound to our policies regarding Customer Data.

Encrypted Transactions & Storage

Web connections to Yeti Marketing will be via TLS 1.2 and above. We support forward secrecy and AES-GCM and prohibit insecure connections. All files at rest and in transit are encrypted using 256-bit Advanced Encryption Standard (AES).