Yva.ai is committed to protecting Client’s privacy.
After installation People Analytics Self-hosted Solutions reside on Client’s servers or the servers administered by the Client. Yva.ai doesn't administer Client’s servers and doesn't collect and/or process any Client’s data unless Client asks us to collect and/or process data.
Default deployment anonymizes all active employees feedback by aggregating data from groups of a minimum of 5 employees at a time.
The system never stores nor gives access to the content of emails and messages to anyone. Yva.ai never analyzes personal data sources such as personal email, SMS, WhatsApp, Facebook, LinkedIn, Instagram, etc. With self-hosted cloud or on-premise installation all data resides within the client’s network perimeter.
Compliance with privacy laws
Yva.ai takes all necessary measures to ensure that it is GDPR-compliant. Yva.ai has prepared a Data Processing Addendum that contains the GDPR contractual requirements.
Our contractual commitments relevant to GDPR are as follows:
- Yva.ai will be transparent and never use your employees' personal information other than as instructed by you,
- Yva.ai will maintain appropriate technical and organizational security measures to protect your employees' personal information,
- Yva.ai will assist you with requests from your employees regarding their personal information that is processed using Yva.ai On-Premise in line with GDPR requirements.
Information security management system ISO / IEC 27001:2013 and audit
The Yva.ai team is certified for information security with ISO/IEC 27001:2013 (Information Security Management System). This means that Yva.ai collaboration analytics platform and the company's internal processes in the field of information security fully comply with recognized international standards.
Yva.ai applies a systematic approach to information security risk management.
The process is divided into the following stages:
- definition of the domain of data operation,
- inventory of physical and logical information assets (servers, data warehouses, etc.),
- threat identification and risk assessment of information assets,
- selection of protection and safety equipment,
- creation of tools to eliminate remaining risks, etc.
Yva.ai minimizes the risks of attacks by protecting survey results, reports, and other data using a strong encryption method.
Yva.ai conducts regular audits of contractors and imposes the same information security requirements on contractor employees as on its own employees.
Yva.ai prevents the threat of viruses and phishing attacks: together with Sophos, we use artificial intelligence technology to protect all staff and non-staff members.
The protection level of Yva.ai is assessed by an independent expert. Each year, Yva.ai will confirm compliance with the standards through an independent certification audit, proving that the clients' data are fully protected against unauthorized access or hacking, both on the cloud and on-premise.
Yva.ai’s employees and contractors commit themselves to confidentiality and have signed the confidentiality agreement. Prior to hiring, all employees are subjected to a background check. Logical access is given on a need-to-know basis, in compliance with the least privilege principle: a user has only those privileges which are essential to perform their job, as per our access control policy. Access is controlled using the role-based access control model.
Yva.ai also has a Data Protection Officer (DPO) as an employee, who:
- Is responsible for the company's compliance with personal data protection requirements.
- Informs and advises on obligations.
- Acts as a contact person for users, contractors, or regulatory authorities.
All information is stored and processed on the company's servers, the data is never saved on desktops of Yva.ai’s employees.
Sharing personal information with third parties
The Yva.ai team doesn’t disclose user data to third parties. However, when acting as a data processor, we may use third parties to process Diagnostic Data (which may contain user data) and anonymized user data to improve our services and for troubleshooting. We ensure that such third parties are compliant with the required confidentiality and security policy to process such information.
Third parties Yva.ai uses
- Microsoft Azure is our cloud computing platform, where we store and process anonymized user data;
- Zendesk is a customer service software and support ticketing system;
- Google Workplace is our workflow solution.
Yva.ai conducts the initial check of each contractor and employee according to the ISO / IEC 27001:2013.
Deleting of the personal data
Each user has a possibility to view, amend or delete their own data directly using the tool. The Administrator has a possibility to modify or delete any personal data.
Bankruptcy, offenses, litigation
There is no pending litigation against our business.
No bankruptcy order has been made for or is being applied for, our business, or any of its directors or shareholders. No composition or arrangement has been entered in for the benefit of our creditors nor has such arrangement been requested.
We tolerate no form of and do not engage in any form of corruption or bribery, including any payment or other form of benefit conferred on any government official for the purpose of influencing decision-making in violation of the law. Our business has not been found guilty of any offense in relation to an act of bribery or corruption.
Our business has not been found guilty of any offense in relation to competition legislation, trade sanctions, or export controls.
Our business has not been found guilty of any offense in relation to financial crimes including fraud and money laundering.
Terms & Privacy Documents
Encryption of data
Yva.ai software security