08.19.2023

Security Policy

Security is very important to Yarket and everyone here is doing their best to keep your data secure. While we cannot reveal every measure we have in place (as this could be used against us by the very actors we protect ourselves against), we can give you a high-level overview of how we actively keep you and your data safe, describing some of our internal security policies and how they translate into a secure platform that you can trust.

GDPR

    We are committed to following and implementing all the guidelines and recommendations from GDPR with regard to all the data and information we handle, process, and store at Yarket.

Cloud Infrastructure

    Yarket is hosted on secure servers and delivered through Amazon Web Services (AWS) using services such as AuroraDB and S3, configured to use AES-256 encryption for all data at rest. AWS is recognized for data centers that are built to withstand all types of threats and are certified for high quality and security.

  • We take backups that are stored on multiple devices across multiple facilities in multiple availability zones. Daily backups ensure we can restore your data in case of failure or accidental deletion.
  • All files that you upload are stored on servers that use the latest techniques to remove bottlenecks and points of failure.
  • We use different storage for user and application data. These servers are not exposed anywhere but the internal network, which is isolated from the internet.
  • We use load balancers to ensure Yarket is online even with high traffic. Load balancers distribute requests to multiple servers, and this ensures that Yarket can withstand attacks like DDoS.
  • All AWS servers are encrypted with AES-256. This is the same level of encryption the US government uses for Top Secret information.

Application Security

    To keep our users and their data safe, we continually and carefully monitor, fix and prevent any security vulnerabilities.

  • Yarket runs behind a firewall and is updated regularly with the latest security patches.
  • We use automated tools to review and automatically scan Yarket for well-known vulnerabilities.
  • All information passed back and forth between our server and your computer is encrypted (SSL/TLS 1.2). This means if anyone were to "listen in" and try to get to this data, they wouldn’t be able to read or decrypt it.
  • We have strong password policies and alternative secure means of authentication. Your passwords are stored hashed and salted on encrypted servers, which means Yarket staff don’t know or have access to your password.
  • We use in-depth monitoring services to visualize performance, detect irregular activity patterns, and ensure that our entire infrastructure is functioning as it should. This leads to excellent service performance and uptime.

SSL Encryption

    All of Yarket is served over HTTPS by default.

  • HTTPS is used to create an encrypted link between a browser and web server. This prevents attackers from snooping on the traffic between the two.
  • Yarket uses a PositiveSSL certificate to secure online transactions for customers.
  • Any data you submit to Yarket over an HTTPS connection will be securely encrypted with the strongest available algorithms.
  • The SSL certificate used by Yarket carries a $50,000 warranty to further protect customer purchases. This means that you are insured for up to $50,000 when relying on the information provided by IdAuthority on Yarket.

Data Classification

    We like to keep our data organized, so we created categories into which all of Yarket's data must be classified. The categories define who can access the data and which level of monitoring it receives:

  • Public information - Information available on our main website and marketing information.
  • Internal information - Unreleased information and details about the Yarket roadmap.
  • Private information - Details about Yarket operational data.
  • Confidential information - Customers' data and the Yarket team's information.

We protect your billing information

    Your card information is transmitted, stored, and processed securely by Stripe - a PCI-compliant third-party provider, where all transactions are processed using secure encryption - the same level of encryption used by leading banks. In our infrastructure we do not see, save or store credit card information in any way.

Encryption

    Yarket uses the most advanced encryption technology publicly available to secure data. Using PKCS (Public Key Cryptography Standard) #1 SHA-256 with 2048-bit RSA encryption, Yarket encrypts data at rest as well as all network traffic into and out of AWS. In addition, the cryptographic key management process in Yarket includes key rotation.

Risk Management

    We perform periodic risk analysis and assessments to ensure that our information security policies and practices meet the requirements and applicable regulatory obligations.

Security Vulnerability Disclosure

    We always appreciate it when Yarket users and security researchers contact us regarding security vulnerabilities.