To protect the data entrusted to us, Yebo-AI uses multiple layers of administrative, technical, and physical security controls across our organization. Below is a summary of the security controls we are most frequently asked about.
Use the sections below to explore how we secure infrastructure, applications, and customer data.
Yebo-AI does not host any product systems or data in its physical offices. We outsource hosting of our product infrastructure to leading cloud infrastructure providers such as Google Cloud Platform Services and Amazon Web Services. Our product infrastructure resides in the United States.
Multiple layers of filtering and inspection are applied to all connections through our web application, logical firewalls, and security groups. Network ACLs prevent unauthorized access. By default, firewalls deny any connection not explicitly authorized. Firewall rules are periodically reviewed.
Our infrastructure is highly automated and scales as needed. Server configurations are embedded in images and configuration files used when provisioning new containers. Each container includes hardened configuration, and changes follow a controlled change process.
Server instances are controlled from provisioning to deprovisioning. Deviations from baseline are detected and reverted within a predefined interval. If a production server deviates, it is overwritten with the baseline configuration within 30 minutes. Patch management is handled via automation or by terminating non-compliant instances.
Actions and events within Yebo-AI are logged consistently and stored in a centralized logging solution. Security-relevant logs are retained to support investigation and response. Write access is strictly limited.
Monitoring, alerting, and automated responses detect anomalies such as error spikes, abuse scenarios, or application attacks. Automated triggers can throttle traffic or terminate processes at predefined thresholds.
Customer content hosted on the platform is protected by firewalls and application-level security measures. Monitoring tools watch the application layer and can raise alerts about malicious behavior. Detection and blocking rules align with OWASP best practices, including the OWASP Top 10. DDoS protections help ensure continuous availability.
We use a continuous delivery approach with regular deployments. Code reviews, testing, and merge approvals occur before deployment. Static code analysis runs regularly and blocks known misconfigurations.
Dynamic testing is performed periodically. New code deploys first to a dedicated QA environment before being promoted to production. Network/project segmentation prevents unauthorized access between QA and production. Deployments are automated with rollback processes for failures. Feature rollouts can be managed via controlled release strategies (private beta, public beta, full release).
We run regular vulnerability scans with updated detection signatures and adaptive allowlists for discovery. Annual penetration tests are conducted across applications and infrastructure. Findings are evaluated and mitigations prioritized accordingly.
Customers are responsible for capturing only appropriate information for marketing, sales, service, content, and operations. Yebo-AI products must not be used to collect or store sensitive information (e.g., payment card numbers, financial account details, Social Security numbers, passport numbers, or health information) unless explicitly permitted.
Yebo-AI is a multi-tenant SaaS platform. Customer data is logically segregated using unique identifiers and continuously validated authorization rules. Authentication, application availability, and access/modification events are logged.
Keys for in-transit and at-rest encryption are securely managed. TLS private keys are managed via our content delivery partner. At-rest encryption keys are stored in a hardened KMS and rotated at varying frequencies. TLS certificates are generally renewed annually. Customer-provided keys are not currently supported.
We aim to minimize downtime. Services are designed with redundancy across multiple availability zones and VPC networks. Web, application, and database components support point-in-time recovery.
Backups run regularly on defined schedules and are monitored for success. Seven days of backups are retained for each database for easy restoration. Failure alerts are escalated, investigated, and resolved.
Because we use public cloud services for hosting, backup, and recovery, Yebo-AI does not maintain physical storage media (paper, tape, etc.) as part of product operations.
Backups are protected by access controls and write-once-read-many (WORM) protections, plus file-system ACLs.
Customers do not have infrastructure access for customer-initiated failover. Disaster recovery is managed by Yebo-AI engineering. In some cases, customers can use a recycle bin to recover certain objects up to 30 days after deletion, and version history to restore prior versions of pages/posts/emails. Export options and public APIs are available to support additional customer backup needs.
Yebo-AI supports granular authorization rules so customers can manage users, assign privileges, and restrict access as needed.
Native login enforces a password policy requiring a minimum of 8 characters and a mix of lowercase/uppercase letters, special characters, and numbers. Customers using integrated login are protected by two-factor authentication; portal admins can require 2FA for all users.
Access is strictly controlled with RBAC. Day-to-day access is minimized and persistent admin access is restricted. Direct SSH access is prohibited; engineers authenticate via a bastion (“jump box”) or must be assigned the appropriate IAM role before accessing server environments.
Support/Services teams may have limited access to help customers use the platform. Just-in-time access (JITA) can be granted for a limited period (up to 24 hours), with each request logged and monitored for unusual activity.
When using JITA Portal, employees cannot perform high-risk actions such as:
Corporate network access requires MFA. Password policies follow industry best practices. Admin credential vaults are used where appropriate, with access governed by RBAC or JITA. Access and permissions are reviewed every six months.
Employees undergo third-party background checks before receiving a formal offer. Upon hiring, employees accept the Employee Handbook and Code of Conduct defining security responsibilities.
We maintain written policies and procedures, including a foundational Written Information Security Policy covering data handling, privacy considerations, and disciplinary actions. Policies are reviewed and approved at least annually.
Employees complete CyberSafety training on hire and annually thereafter, including phishing awareness.
Third-party vendors may support product development and internal operations. We require appropriate security and privacy controls contractually and maintain a list of subprocessors in our Data Processing Agreement.
Company-issued laptops are centrally managed and configured for full-disk encryption. Mobile Device Management (MDM) is used to enforce security policies, deploy apps, and ensure compliance.
Please refer to our Terms of Service and Privacy Policy for additional information about how and why we process data. While customers may pay by credit card, Yebo-AI does not store, process, or collect customers’ submitted credit card information and is not PCI-DSS compliant. We use PCI-compliant payment processors.
As described in our Privacy Policy, we do not sell personal data to third parties. Controls described here, together with other measures, are designed to keep data private and unaltered.
Customer data is retained while customers are active. Current and former customers may submit written requests for certain data deletion; we will comply as required by privacy regulations. Certain data (e.g., logs/metadata) may be retained for security, compliance, or legal needs. Custom retention policies are not currently supported.
Our legal team works with engineering and product teams to implement an effective privacy program. Additional detail is described in our Privacy Policy and Data Processing Agreement.
Yebo-AI will notify customers, as required by law, if a security breach is detected that affects their personal data.
Reach out and we’ll help you understand how Yebo-AI protects your data and supports your compliance needs.