Your data is secure with Yuno

Our commitment to security is of utmost seriousness and highest importance within the Yuno team, both with regard to sensitive customer and end-customer data.

Our top priority is your trust and safety

As a payments infrastructure company, our security posture continually evolves to meet the rigorous standards of the global financial industry.
Infrastructure
Industry best practices underly Yuno’s infrastructure.
Product
Security is at the core of Yuno’s product philosphy.
Personnel
Every Yuno employee is vetted and trained.
BENEFITS

Our infrastructure
is highly secure

Physical infrastructure security
Yuno's infrastructure is hosted in AWS data centers, and places reliance on AWS's audited security programs for the efficacy of physical, environmental, and infrastructure security controls.
Data in transit
All data at Yuno is processed under the TLS (Transport Layer Security) protocol version v1.2, which helps us guarantee the security of the Yuno website, making it resistant to attacks that exploit weaker versions of TLS.
Data at rest
At Yuno we use Advanced Encryption Standard (AES) with 256-bit keys when encrypting sensitive data within the vault. Each confidential record within the vault is previously encrypted under the SHA-512 hashing algorithm where irreversible and unique hashes are generated. It is then encrypted using a separate, randomly generated encryption key.
Data access monitoring
Yuno policies and procedures ensure access to data is within a particular employee’s scope of duty only. All access is based on the principle of least privilege. User-role assignment works to satisfy the least privilege principle and technical controls include enforcement of 2FA and VPN.
Backups
Yuno uses AWS native functionality to backup systems and data. All data is stored on the Amazon Relational Database Service and configured securely. Backups take place on a daily basis and access to them is restricted by user role in AWS.
BACK
NEXT
PRODUCT

Security is key to our product.

Software development life cycle
Yuno uses a continuous and secure build and release process informed by industry practices including OWASP. New features and enhancements are peer reviewed and analyzed for security issues prior to release. Yuno also has a dedicated QA team that analyzes all code for issues prior to deployment into production.
Penetration testing and bug bounties
Yuno is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Yuno has an external firm conducting penetration tests for our product and we also partner with HackerOne’s bug bounty program in order to continuously improve our security posture.
Application monitoring and protection
All app access is logged and audited. We also use a web application firewall in order to identify and eliminate threats as well as other technologies which inspect traffic streams.
Vulnerability and patch management
Patch management occurs within the context of Yuno's change management process. Externally- and internally-facing services are patched on a need-to-update basis. Any issues that are discovered are triaged and resolved according to their severity within the Yuno environment.
PERSONNEL

Our personnel is trained and response-ready.

Security trainings and awareness
At Yuno we carry out security and privacy awareness training for our technical and non-technical roles. This includes training on phishing awareness campaigns.
Formal security policies
Yuno has security policies that are kept up-to-date to meet the changing security environment.
Incident response plan
Yuno has a dedicated incident response team and plan that will coordinate with legal, product, and support teams to detect and respond to information security.