Security & Data Protection
Yoti's Encryption standards
Encryption at rest
All data stored on the Yoti platform is encrypted at rest, secured by AES-256 encryption and authenticated by RSA signatures and signed timestamps.
The Yoti App uses a sophisticated wrapped key model that keeps the user firmly in control: the user holds a private key, issued during the user on-boarding phase, within the secure element of their mobile device.
Encryption in transit
All data exchanged between the Yoti platform and your implementation is encrypted in transit. Yoti uses TLS 1.2 as a minimum baseline, preferring TLS 1.3 where supported.
Physical and Operational Security
Accreditations
Yoti holds a SOC 2 Type 2 certification for our technical and organisational security controls. This is audited annually by a top four auditing company. A copy of this report is available upon request, under NDA.
Yoti also holds certification to the ISO/IEC 27001:2013 information security standard.
Data Centres
For the Digital Id service, Yoti uses multiple Tier 3 UK data centres.
GDPR
With the Digital Id product, Yoti acts as both a data controller and a data processor.
Yoti has a comprehensive privacy governance framework in place, built on the EU’s GDPR requirements, with additional local measures where needed. This is led and overseen by our Data Protection Officer.
Further security information is available on our website: https://www.yoti.com/security