Overview

YumiPass does not store any Personally Identifiable Information (PII) in its systems, excluding the sign up information for an integration account. That is, no end user accounts exists in YumiPass, specifically:

  • YumiPass acts only as a relay of verified claims (default mode of operation): claims are relayed from the document to the requesting application. No claims or any associated information are stored in YumiPass systems.
  • End user chooses to store verified claims in user's mobile wallet (optional): verified claims will exist in users's mobile wallet, with the informations only accessible to the end user. No claims are stored in YumiPass systems, only the associated anonymous (random) wallet reference id.

Security Measures

  • Data Encryption: YumiPass secures all stored and transmitted data using AES-256 encryption.
  • Two-Factor Authentication (2FA): Ensures that only authorized users access sensitive information.
  • Access Control: Role-based permissions restrict access based on user roles.
  • Regular Security Audits: YumiPass undergoes periodic penetration testing and security assessments.
  • Data Anonymization: Personally identifiable information (PII) is anonymized where possible to enhance privacy.

Regulatory Compliance

  • GDPR: YumiPass complies with the General Data Protection Regulation, ensuring user data protection and privacy.
  • AML/KYC Regulations: Adheres to Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements in multiple jurisdictions.
  • ISO 27001: Implements information security best practices aligned with ISO 27001 standards.
  • SOC 2 Compliance: Follows SOC 2 guidelines for security, availability, and confidentiality.

Risk Management

  • Fraud Prevention: AI-powered risk assessment detects suspicious activities.
  • Incident Response: A dedicated team monitors and responds to security threats in real-time.
  • Data Retention Policies: Ensures secure data storage and timely deletion of unnecessary records.
  • User Consent Management: Provides transparency and control over personal data processing.