Security & Compliance
Enterprise-grade protection for your business data. Transparent practices, flexible deployment, and compliance tools built into every layer.
Data Encryption
All data is encrypted both at rest and in transit. No exceptions.
Data at Rest
AES-256 encryption for all stored data, including database records, file attachments, and backups.
Data in Transit
TLS 1.3 for all network communication between clients, servers, and third-party integrations.
Key Management
Encryption keys are managed separately from data stores. Customers on dedicated deployments can bring their own keys.
Authentication
Multiple authentication methods to match your organization's security requirements.
LDAP / Active Directory
Connect to your existing directory service for centralized user management.
Single Sign-On (SSO)
SAML 2.0 and OAuth 2.0 support for integration with identity providers like Okta, Azure AD, and Google Workspace.
Two-Factor Authentication (2FA/TOTP)
Time-based one-time passwords via authenticator apps for an additional layer of account protection.
Passkeys / WebAuthn
Passwordless authentication using biometrics or hardware security keys via the WebAuthn standard.
Access Control
Fine-grained permissions that scale from small teams to large enterprises with complex organizational structures.
Role-Based Access Control (RBAC)
Define granular roles with specific permissions. Users see only what their role allows, from menu items to individual fields.
Row-Level Security
Restrict data access at the record level. Sales reps see their own deals, managers see their team, executives see everything.
Multi-Company Isolation
Run multiple companies in a single instance with strict data isolation between entities.
GDPR & Data Privacy
Privacy is not an add-on. Tools for consent management, data portability, and the right to erasure are built into the platform.
Consent Management
Track and manage consent records for each contact. Record when, where, and how consent was obtained.
Right to Erasure
Built-in tools to locate and anonymize or delete personal data across all modules on request.
Data Audit Trails
Every data change is logged with who changed it, when, and what the previous value was.
Data Residency & Deployment
Your data stays where you need it. Deploy Yukti in the cloud, on your own infrastructure, or both.
Cloud (Managed)
Fully managed hosting with automatic updates, backups, and monitoring. No infrastructure to maintain.
On-Premise
Deploy on your own servers or private data center. Full control over infrastructure, networking, and data location.
Hybrid
Split workloads between cloud and on-premise environments based on your compliance and performance requirements.
Audit Trail & Logging
Every operation in Yukti generates an audit record. You can trace who did what, when they did it, and what the data looked like before and after the change.
- Full change history on every record across all modules
- Login and session tracking with IP address and device information
- API access logs for all external integrations
- Configurable log retention policies
- Export audit data for external compliance tools
Responsible AI Practices
Yukti is an AI-native platform. That means AI decisions need to be explainable, auditable, and under your control.
Transparent Models
AI recommendations include explanations of the factors that contributed to each suggestion. No black-box decisions.
Human Override
All AI-driven actions can be reviewed, adjusted, or overridden by authorized users. AI assists; it does not dictate.
Data Boundaries
AI models operate within your data boundaries. Your business data is not used to train models for other customers.
Provider Choice
Yukti supports multiple AI providers (OpenAI, Anthropic, Google AI, and others). Choose the provider that meets your compliance requirements, or use local models for sensitive workloads.
Compliance Status
We are actively pursuing industry certifications. Below is the current status of each.
| Standard | Status | Details |
|---|---|---|
| GDPR | Supported | Built-in tools for consent management, data portability, and right to erasure. |
| SOC 2 Type II | In progress | Audit underway for managed cloud deployments. Target completion date to be announced. |
| ISO 27001 | In progress | Information security management system certification in progress. |
| HIPAA | Planned | Healthcare data compliance support planned for on-premise and dedicated cloud deployments. |
Vulnerability Reporting
If you discover a security vulnerability in Yukti, we want to hear about it. Responsible disclosure helps us keep every customer safe.
Please report security issues to [email protected]. Include a description of the vulnerability, steps to reproduce, and any relevant screenshots or logs. We aim to acknowledge reports within 48 hours.