Privacy, Security & Compliance
are at the Heart of Our Platform.

Platform compliance

Compliance 1
HIPPA

Health Insurance Portability and Accountability Act

Compliance 2
ISO 27001

ISO 27001:2013 Certification

Compliance 3
GDPR

General Data Protection Regulation

Compliance 4
ISO 27018

ISO 27001:2019 Certification

Platform security

Platform Security 1
Platform Security 2
Platform Security 3

For starters, our platform can be accessed by authorization with user-level access defined. We leverage industry-standard SSO solutions to grant company users access to their company’s bot project and integrations. We support Google SSO, Microsoft SSO, ADFS & Azure AD at the platform level. In addition to that, at the bot level, we support AD, LDAP, SAML and have standard support for OAuth2.

Platform Security 1

We enable role-based access permission levels within the platform to be set for your teammates. Permissions can be set for roles such as developer, admin, tester, engagement manager, insights, and analytics; wherein users can have permission to change workflow, integrations, databases, bot training, intent mapping, and more, depending on the access granted.

Platform Security 2

yellow.ai enforces a password complexity standard and credentials are encrypted using salted hash (SHA -256).

Platform Security 3

Network and data security

The yellow.ai services and data are hosted in Microsoft Azure facilities across India, SEA, Middle East, and soon launching in the US. And because data is gold, our platform was built with disaster recovery in mind. All of our infrastructure and data are spread with N+1 availability zones and will continue to work should any one of the data centers fail. Fingers crossed.

Enterprise data security 1

All the data in transit to and fro the platform is SSL TLS 256 encrypted (HTTPS). And to keep access in check, our keys are maintained in Vaults, and the same are recycled every quarter.

Enterprise data security 2

yellow.ai uses 3rd party security tools to continuously scan for vulnerabilities. Our dedicated security team members respond to issues raised. In fact, every year, we engage third-party security experts to perform detailed penetration tests on the yellow.ai platform.

For complying with various countries and their data laws, we also offer redaction/masking of PII/sensitive information on the data layer of the yellow.ai platform. We’ve also got you covered for WAF, DDOS, IPS & IDS.

Enterprise data security 3

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Enterprise data security 4
Enterprise data security 1
Enterprise data security 2
Enterprise data security 3
Enterprise data security 4

Latest insights

Learn more about our terms of use
and privacy policy