Version 1.0 – April 2022

Yonder AG (“Yonder“,” “we”, “us”, or “our”) prioritizes the security and confidentiality of your data shared in connection with our software-as-a-service product (the “Service”). We understand the importance of maintaining the integrity of your information and are committed to upholding the highest standards of security practices. This security policy outlines our approach to safeguarding your data and ensuring compliance with industry standards.

 

  1. Information Security Management System (ISMS)

Yonder operates under an Information Security Management System (ISMS) based on the principles of ISO 27001:2022. Our ISMS framework ensures that all aspects of security, including confidentiality, integrity, and availability, are effectively managed and continuously improved.

  1. Data Protection

All customer data is treated with the utmost confidentiality and is protected from unauthorized access, use, or disclosure. For details on what data we store, please see Privacy Policy at www.yonder.info/privacy-policy.

Access to customer data is restricted to authorized personnel only, and all access is logged and monitored.

Regular data backups are performed to prevent data loss and ensure business continuity.

  1. Physical Security

Our data centers and offices are equipped with physical security measures to prevent unauthorized access. Physical data center security is in the responsibility of our cloud providers, and physical office security is in the responsibility of Yonder.

  1. Network Security

We employ robust network security measures, including firewalls, encryption, and intrusion detection systems, to safeguard against unauthorized access and cyber threats.

Regular security assessments and penetration testing are conducted to identify and address potential vulnerabilities in our network infrastructure.

  1. Employee Training and Awareness

All employees undergo comprehensive security training upon joining Yonder and receive regular updates on security best practices.

Employees are required to adhere to strict security policies and procedures to protect customer data and maintain the confidentiality of sensitive information.

  1. Compliance and Certification

Yonder is ISO 27001:2022 certified, demonstrating our commitment to implementing and maintaining a robust information security management system.

We adhere to relevant regulatory requirements and industry standards to ensure compliance with data protection laws and regulations.

  1. Incident Response

In the event of a security incident or data breach, Yonder has established procedures for responding promptly and effectively to mitigate any potential impact on customers.

Customers will be notified of any security incidents or breaches in accordance with applicable laws and regulations.

  1. Changes to This Security Policy

This Security Policy may be updated from time to time for any reason. We will notify you of any changes to our Security Policy by posting the new Security Policy at www.yonder.info/security-policy. The date the Security Policy was last revised is identified at the beginning of this Security Policy. You are responsible for periodically visiting our Service and this Security Policy to check for any changes.

  1. Contacting Us

If you have any questions or concerns or complaints about our Security Policy, or if you want to report any security violations to us, please contact us by sending an email to security@yonder.info.