At Yuno, security is a top priority. Users trust us with their sensitive data, and we continuously evolve our security measures to meet the highest standards of the global financial industry.
Compliance is deeply ingrained in our corporate culture and operational practices. Our compliance framework is built on four key pillars.
Yuno complies with PCI DSS v4.0, one of the most stringent security standards in the payment industry, ensuring secure payment card processing.
Download PDFWe are aligned with the protection and privacy of processed data based on the principles established in GDPR (General Data Protection Regulation) for the protection of personal data by being ISO 27701 compliance.
Download PDFYuno is also ISO 27001 certified which demonstrates our commitment to operating a mature security program.
Download PDFYuno is SOC 2 Type 2 compliant, guaranteeing strict controls over security and privacy.
Download PDFYuno's infrastructure is built on the AWS Well-Architected Framework, ensuring top-tier security, reliability, and encryption. With industry-leading protections for data in transit and at rest, we safeguard every transaction with the highest security standards.
Built on the AWS Well-Architected Framework, leveraging audited AWS data centers. Robust physical, environmental, and infrastructure protections ensure security, reliability, and operational excellence at every layer.
All data is transmitted through encrypted channels using TLS 1.3, ensuring the highest level of protection. This safeguards internal and external communications, mitigating risks from weaker protocol versions.
Sensitive vault data is encrypted with AES-256. Each confidential record is hashed with SHA-512 to generate irreversible, unique records, then encrypted with a separate, randomly generated encryption key.
Yuno ensures data protection through strict access controls, a secure development lifecycle, and continuous security testing. With proactive vulnerability management, penetration testing, and a bug bounty program, we stay ahead of emerging threats to keep our platform secure.
Access is governed by the principle of least privilege. Role-based controls and enforced 2FA and VPN ensure every employee operates within their strict scope of duty — no data exposure beyond what's needed.
A continuous, secure build and release process informed by OWASP. New features are peer-reviewed for security issues, and a dedicated QA team analyzes all code before deployment into production.
Regular external penetration tests plus the HackerOne bug bounty program identify vulnerabilities early. A patch management process triages and remediates findings based on severity, in a timely manner.
Learn about our commitment to security and compliance. Visit our Trust Security Center for policies, certifications, and more.
See how AI agents can transform your payment stack.