Security | YeexNG

As a provider of products for a diverse user base across the Internet, we fully recognize the importance of protecting user privacy and security. We understand that delivering secure products is crucial for establishing and maintaining user trust. Therefore, we are committed to continuously enhancing the protection of our products and services through dedicated efforts and collaboration across our teams.

Hosting

Our data centres are hosted by Amazon Web Services (AWS), a leading cloud service provider known for its robust security standards. Leveraging AWS allows us to benefit from a highly secure and scalable infrastructure that is continuously audited and holds certifications from accreditation bodies across various geographies and industries. This ensures compliance with the highest security and regulatory standards globally, providing a strong foundation for our users' data security and privacy.

Security Measures in Our Infrastructure:

AWS Security and Compliance:

AWS is certified under numerous compliance standards such as ISO 27001, SOC 1/2/3, PCI DSS, and GDPR, among others. These certifications reflect AWS's commitment to maintaining the highest standards of data security and privacy.

As a result of AWS's regular audits, our data centres benefit from state-of-the-art physical and environmental safeguards, ensuring that our infrastructure remains resilient against a wide range of potential threats.

Secure Application Architecture:

Our application architecture is designed with security at its core, following best practices to protect against various cyber threats. We implement a multi-layered security approach that includes network firewalls, Virtual Private Clouds (VPCs), and security groups to control and restrict access.

We employ Identity and Access Management (IAM) controls to define user permissions and access levels, ensuring that only authorized personnel have access to critical components of our infrastructure.

Database Encryption:

We prioritize the security of user data by employing robust encryption mechanisms for data both at rest and in transit. Our databases are encrypted using industry-standard algorithms such as AES-256, ensuring that sensitive information is safeguarded against unauthorized access.

Encryption keys are managed securely using AWS Key Management Service (KMS), which provides a centralized control point for managing cryptographic keys with fine-grained permissions.

Controlled and Audited Access:

Access to our systems and data is tightly controlled and follows the principle of least privilege. We implement role-based access control (RBAC) to ensure that users have only the necessary access needed to perform their roles.

We continuously monitor and audit access logs to detect and respond to any unauthorized access attempts. Our security team routinely reviews these logs as part of our ongoing efforts to strengthen our security posture.

In-House Security Management:

Our in-house engineers are dedicated to ensuring the security, integrity, and reliability of our systems. They design, implement, and maintain security controls across all layers of our infrastructure.

We conduct regular security audits, vulnerability assessments, and penetration testing to identify and mitigate potential vulnerabilities proactively. This ensures our systems are protected against emerging threats and maintains the highest level of security for our users.

Continuous Monitoring and Threat Detection:

We utilize advanced monitoring and threat detection tools to maintain real-time visibility into our environment. This enables us to quickly identify and respond to potential security incidents before they can impact our users.

Our security operations team is on constant alert, ready to act on any suspicious activity to protect our applications and data.

Up-To-Date Infrastructure and Vulnerability Reporting

We are committed to maintaining a secure and reliable infrastructure for our users by keeping our systems and applications up to date. To achieve this, we implement scheduled security maintenance updates regularly and apply any critical patches as soon as they are released. This proactive approach ensures that our infrastructure is protected against emerging threats and remains resilient in the face of evolving cyber challenges.

Proactive Security Maintenance

Regular Infrastructure Updates:

Our infrastructure undergoes scheduled maintenance updates to ensure all components, including servers, databases, and network devices, are running the latest security patches and firmware versions. This practice helps us mitigate known vulnerabilities and protect against potential exploits.

We follow a structured patch management process that includes testing patches in a controlled environment before deployment, ensuring minimal disruption to our services while maintaining high security standards.

Rapid Application Patching:

When vulnerabilities are identified in our application code, we act quickly to develop and deploy patches. Our engineering and security teams work in close coordination to address these vulnerabilities, ensuring our applications remain secure and resilient.

By prioritizing rapid patch deployment, we minimize the window of opportunity for potential attackers and reinforce the trust our users place in our products.

Setting a New Standard of Trust Online:

We are dedicated to setting a new standard of trust online by continuously improving our security practices and being transparent about how we handle potential vulnerabilities. By fostering a culture of security awareness and proactiveness, we aim to always protect our users and their data.

We recognize that security is a shared responsibility, and we are committed to collaborating with the broader security community to identify and mitigate potential risks.

Collaboration with the Security Community:

We believe that working with the security community is essential for maintaining a secure environment for our users. We welcome security researchers and ethical hackers to help us find vulnerabilities in our products through responsible disclosure.

If you believe you have discovered a vulnerability in any Yeex product, you are encouraged to report it through our vulnerability program. By doing so, you play a vital role in helping us safeguard our users and maintain the integrity of our services.

Our commitment to proactive security maintenance, rapid patching, and collaboration with the security community is at the heart of our approach to protecting user data and building trust online. By staying vigilant and responsive to Proactive Monitoring.

We employ Impressive, worldwide monitoring services to ensure comprehensive oversight of Yeex’s infrastructure 24/7, 365 days a year. This robust monitoring system allows us to detect and respond to any issues or anomalies in real time, ensuring the reliability and security of our platform.

Proactive Monitoring and Incident Response

Global Monitoring Coverage:

Our monitoring services are designed to provide impressive, multi-regional coverage across the globe, ensuring that every component of our infrastructure is constantly observed. This redundancy minimizes the risk of blind spots and ensures continuous visibility, regardless of location or time zone.

Real-Time Alerts and Automated Alarms:

We have implemented a system of automatic alarms that are triggered immediately whenever errors, performance degradation, or other abnormalities are detected. This real-time alerting mechanism allows our teams to respond swiftly, minimizing potential disruptions and maintaining service quality.

Our alert thresholds are fine-tuned to distinguish between minor issues and critical incidents, allowing for appropriate and prioritized responses.

Proactive Issue Resolution:

Upon detecting any issues, our dedicated teams work proactively to diagnose and resolve them before they escalate. This approach helps in maintaining the availability and performance of our platform, ensuring a seamless user experience.

Our incident response protocols are well-defined, with clear steps for identifying the root cause, implementing fixes, and conducting post-incident reviews to prevent future occurrences.

Continuous Improvement and Optimization:

We regularly review our monitoring systems and incident response procedures to ensure they are up-to-date and effective against emerging threats and challenges.

Feedback from these reviews is used to enhance our monitoring capabilities, optimize alert thresholds, and improve our overall infrastructure resilience.

By leveraging a robust, globally impressive monitoring system, we can quickly detect and address any issues, ensuring Yeex’s infrastructure remains reliable, secure, and performant. Our commitment to proactive monitoring and rapid incident response underpins our dedication to providing a dependable service for our users worldwide.

Reliable and secure service you can trust

We adhere to globally recognized information security standards for Information Security Management Systems (ISMS) to ensure the highest level of security for our users' data and our infrastructure. Our commitment to information security is reflected in a multi-layered approach that combines robust technical measures, strategic policies, and continuous employee training.

Key Security Measures

Encryption of Data:

We employ encryption techniques to safeguard data both at rest and in transit. Data is encrypted using industry-standard algorithms such as AES-256, ensuring that sensitive information is secure and unreadable to unauthorized parties.

All communications between our applications and servers are secured using SSL/TLS protocols, providing an additional layer of protection against man-in-the-middle attacks.

Security Controls to Protect Infrastructure:

Our infrastructure is fortified with multiple layers of security controls designed to protect against external attacks and unauthorized access. This includes the use of firewalls, intrusion detection and prevention systems (IDPS), network segmentation, and access controls to ensure that only authorized personnel have access to sensitive systems and data.

We also implement multi-factor authentication (MFA), role-based access control (RBAC), and least privilege principles to further enhance access security.

Internal Policies and Employee Training:

We have established comprehensive internal policies that clearly define our data handling practices, security protocols, and incident response procedures. These policies are regularly reviewed and updated to stay aligned with the latest security standards and regulatory requirements.

Employee training is a critical component of our security strategy. We provide ongoing training programs to ensure that all employees understand their role in maintaining security, are aware of potential threats (such as phishing and social engineering), and know how to respond to security incidents.

Adherence to ISMS Standards

Our Information Security Management System (ISMS) is designed to comply with international standards such as ISO/IEC 27001, ensuring a systematic approach to managing sensitive company and customer information. This includes risk management processes that involve identifying, assessing, and mitigating security risks across the organization.

We continuously assess and improve our security posture through regular security audits, risk assessments, and penetration testing, maintaining the integrity, confidentiality, and availability of our systems and data.

By following globally recognized standards for information security, implementing robust security controls, encrypting data, and fostering a culture of security awareness among employees, we are dedicated to safeguarding user data and protecting our infrastructure against evolving threats. Our commitment to these principles helps us set a high standard of trust and reliability for our users and partners worldwide.

General Data Protection Regulation

We respect the privacy rights of our users and recognize the importance of protecting the personal information of our customers. At Yeex, we are committed to transparency and accountability in how we handle personal data. Our privacy policy provides a clear explanation of how we collect, retain, use, disclose, and transfer personal information (including personal data as defined under the General Data Protection Regulation (GDPR)) and outlines the choices available to users regarding their personal information.

Key Aspects of Our Privacy Policy

Data Collection:

We collect information that users provide directly to us, such as when creating an account, placing an order, or contacting customer support. This may include personal data like names, contact information, delivery addresses, and payment details.

We may also collect information automatically using cookies, tracking technologies, and third-party analytics tools to enhance user experience and service delivery.

Data Retention:

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

We have strict data retention policies in place to ensure that personal information is securely deleted or anonymized when it is no longer needed.

Data Usage:

The information we collect is used to provide, maintain, and improve our services, process transactions, communicate with users, provide customer support, and personalize the user experience.

We may also use personal information for marketing purposes, such as sending promotional offers and updates about our services, but only if the user has provided consent or if it is allowed by law.

Data Disclosure and Transfer:

We may share personal data with third parties, such as delivery partners, payment processors, and service providers, to perform functions on our behalf and provide our services effectively. These third parties are bound by data protection obligations and are not permitted to use personal data for their own purposes.

In some cases, personal data may be transferred to countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect the data in accordance with GDPR requirements.

User Rights and Choices:

Users have the right to access, correct, delete, or restrict the processing of their personal data. They can also withdraw consent for data processing or opt-out of marketing communications at any time.

We provide clear instructions and tools for users to exercise these rights, and we are committed to responding to user requests promptly and transparently.

Commitment to GDPR Compliance:

Our privacy practices are designed to comply with the GDPR, which sets a high standard for data protection and privacy in the European Union. We are committed to upholding these standards and ensuring that user data is handled responsibly and securely.

At Yeex, we prioritize user privacy and take comprehensive measures to protect personal information. Our privacy policy reflects our dedication to transparency, user choice, and compliance with data protection laws like the GDPR. By maintaining clear communication with our users about how their data is managed and providing them with control over their personal information, we aim to build and maintain trust in our platform.

Payment Card Industry Data Security Standard

PCI DSS Level 1 compliance demonstrates that Yeex has established a robust operating model that adheres to the highest standards for payment card security. Achieving and maintaining PCI DSS Level 1 compliance reflects our commitment to safeguarding our customers' payment information and providing a secure transaction environment.

What PCI DSS Level 1 Compliance Means for Yeex

Robust PCI DSS Compliant Operating Model:

Over the years, we have built a comprehensive PCI DSS (Payment Card Industry Data Security Standard) compliant operating model that ensures the security of cardholder data throughout our systems. This includes stringent security measures, processes, and controls that protect sensitive payment card information from unauthorized access and fraud.

PCI DSS Level 1 is the highest level of certification, applicable to organizations that process more than 6 million card transactions annually. It requires adherence to rigorous security standards across all aspects of payment processing.

Annual Validation by External Auditors:

Our ongoing PCI DSS Level 1 compliance is validated annually by a skilled external audit team. These experts conduct thorough assessments to ensure that our systems and processes continue to meet the requirements of the PCI DSS standard.

The annual validation involves a detailed review of our security controls, policies, procedures, and technical infrastructure, ensuring continuous adherence to the 12 core requirements of PCI DSS, including:

Building and maintaining a secure network and systems.

Protecting cardholder data through encryption and other security measures.

Implementing strong access control measures.

Regularly monitoring and testing networks for vulnerabilities.

Maintaining an information security policy.

Ongoing Commitment to Payment Security:

PCI DSS Level 1 compliance is not a one-time achievement but an ongoing commitment to maintaining a secure environment for processing, storing, and transmitting payment card information. We continually assess and improve our security posture to keep up with evolving threats and industry best practices.

This commitment is part of our broader strategy to build trust with our users and partners by ensuring that their sensitive payment information is always protected.

Yeex's PCI DSS Level 1 compliance underscores our dedication to payment security and data protection. With our compliance validated annually by an external audit team, we continue to uphold a secure environment that protects payment card data, strengthens user trust, and aligns with industry standards. This proactive approach to security reflects our ongoing efforts to provide a safe and seamless experience for all our users.