We take privacy, security and compliance extremely seriously.
To keep your information safe, we scramble it with high-level, 256-bit encryption, and then store it in such a way that, in the unlikely event of a system breach, no one would be able to identify you as an individual.
Every year, we submit our company to scrutiny by accredited external auditors, under several internationally recognised schemes. These include:
We are ISO27001 certified, which means an independent auditor has inspected our operations and confirmed that we follow a strict set of security guidelines. In 2019 Yoti became the first age verification provider to be certified under the ‘AV Certificate’ scheme by the UK Government’s then Age-Verification Regulator. This scheme ensured age-verification providers maintained high standards of privacy and data security.
- In 2019 we underwent a SOC 2 Type II examination on our technical and organisational security controls by one of the top four auditing companies, with no exceptions found. The SOC 2 standard is an internationally recognised security standard. We are committed to repeating our SOC2 assessment every year.
- In May 2020, we commissioned an independent assessment which confirmed that Yoti means the USA’s legal requirements for privacy and security when storing health data (known as ‘HIPAA’, the Health Insurance Portability and Accountability Act of 1996).