Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Yellow.ai's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Our compliance program is independently audited against multiple international standards. We are certified with ISO/IEC 27001:2022, ISO/IEC 27701:2019, and SOC 2 Type II attested. We comply with applicable data protection laws as both "Processor" & "Controllers". Our audit reports and certificates are accessible upon request after signing an NDA.

To demonstrate our proactive stance on threat detection, we operate a dedicated Vulnerability Disclosure Program (VDP). We actively collaborate with the global security community to identify, report, and rapidly resolve potential vulnerabilities, ensuring our system remains hardened against evolving threats.

Compliance

HIPAA Logo
HIPAA
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
ISO/IEC 27701:2019 Logo
ISO/IEC 27701:2019
SOC 2 Type 2 Logo
SOC 2 Type 2

Yellow.ai Trusted by 1300+ Global Brands including

Logitech-company-logoLogitech
Decathlon-company-logoDecathlon
Ferrellgas-company-logoFerrellgas
Bajaj Auto Ltd-company-logoBajaj Auto Ltd
LuLu Group International-company-logoLuLu Group International
Manipal Hospitals-company-logoManipal Hospitals
ICICI Lombard GIC-company-logoICICI Lombard GIC
Haldirams-company-logoHaldirams
Leadspace-company-logoLeadspace
Burger King-company-logoBurger King
DAZN-company-logoDAZN
Lion Air-company-logoLion Air
iFly Airlines-company-logoiFly Airlines
VIPdesk Connect-company-logoVIPdesk Connect
Lenovo-company-logoLenovo
Cherry Technologies-company-logoCherry Technologies

Documents

REPORTSHIPAA Report
REPORTSSOC 2 Report
REPORTSWebApp Security AssessmentReport
COMPLIANCEHIPAA
COMPLIANCEISO/IEC 27001:2022
COMPLIANCEISO/IEC 27701:2019
COMPLIANCESOC 2 Type 2
AIAI Overview
DATA PRIVACYData Protection Impact Assessment (DPIA)
ACCESS CONTROLBring Your Own Device (BYOD)
NETWORK SECURITYDistributed Denial of Service Protection (Anti-DDoS)
NETWORK SECURITYIDS/IPS

Risk Profile

Data Access LevelN/A
Impact LevelSevere
Recovery Time Objective4 hours
View more

Product Security

Audit Logging
Integrations
Multi-Factor Authentication
View more

Reports

HIPAA Report
Network Diagram
SOC 2 Report
View more

Self-Assessments

VSA Full

Data Security

Access Monitoring
Certificates of Destruction
Data Backups
View more

App Security

Responsible Disclosure
Application Penetration Testing
Bot Detection
View more

AI

AI Overview
AI Training Data and Bias
AI Security
View more

ESG

Anti-Bribery and Corruption
Anti-Competitive Practices
Code of Ethics
View more

Legal

SubprocessorsAmazon Web Services (AWS)-company-logoCloudflare-company-logoGoogle Cloud-company-logoMicrosoft Azure-company-logoMicrosoft Azure-company-logo
Customer Audit Rights
Data Processing Agreement
View more

Data Privacy

Data Breach Notifications
Data Privacy Officer
Data Protection Impact Assessment (DPIA)

Access Control

Access Log Management
Bring Your Own Device (BYOD)
Data Access
View more

Infrastructure

Status Monitoring
Cloud Service Providers
Infrastructure Security
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Distributed Denial of Service Protection (Anti-DDoS)
IDS/IPS
Network Penetration Testing
View more

Corporate Security

Asset Management Practices
Email Protection
HR Security
View more

Policies

Acceptable Use Policy
Access Control Policy
AI System Development and Evaluation Policy
View more

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Incident Response

Incident Reporting Process

Risk Management

Risk Assessments
Supply Chain Risk Management

Asset Management

We have strict asset management policies in place to ensure that all assets are accounted for and secure.

BC/DR

Business Continuity Test
Backup & Restoration Test
Disaster Recovery Drill Test

Training

Employee Privacy Training
Role-Based Training
Security Awareness Training

Change Management

We have a change and configuration management process in place to ensure that changes are properly reviewed and approved.

Physical & Environment

Alarms & Surveillance
Emergency Power & Lighting
Fire Protection
View more

Continuous Monitoring

Automated Alert Response
Event & Audit Log Management

Subprocessors

If you need help using this Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo