Security and trust

Yva is committed to maintaining appropriate technical and organizational security measures to protect your employees' personal information in line with the GDPR requirements.

  1. We provide the client's personal data operators with a sample message that explains to employees the goal of using the system.
  2. We regularly audit the crawling system to make sure we collect only the necessary data, and only for the period of time necessary to achieve the goals.
  3. We develop the system in accordance with the best engineering practices. The majority of our engineers have over 10 years of experience in development. We apply maximum effort to save the data.

We would like to tell you what we do to prevent data losses and breaches, to maintain integrity and availability of the data.

Technical measures

  • Yva staging and production environments are hosted in Microsoft Azure. The MS Azure infrastructure meets a broad set of international and industry-specific compliance standards, see more at
  • Our servers are protected by high-end Microsoft Azure firewall systems.
  • Yva encrypts all communication between you and Yva's applications using industry standard SSL/TLS encryption.
  • Yva encrypts all data at rest using 256-bit encryption via native Microsoft Azure capabilities.
  • Yva can restore the availability and access to your employees' personal information in a timely manner in the event of a physical or technical incident.
  • The entire office infrastructure is located in a place with a variable access distribution; physical access is restricted to a limited number of authorized personnel.

Product features

  • Customers can authenticate via their platform of choice (GSuite or Office365) or use passwordless email authentication, and never set a service-specific password.
  • The product interface does not give access to the communication contents of individual users; all the information is presented in the form of aggregated anonymous reports.
  • The product uses a user access control system. The different roles in this system include regular users, technical administrators and managers who have access to reports.
  • The responses to the surveys conducted by Yva always remain anonymous. Yva shows any survey-related information in an aggregated form.
  • The data in Yva can be synchronized with the client's infrastructure. If the client decides not to save an employee's data, the data can be deleted from Yva as well.
  • Our on-premise solution supports the policy of storing the data in a completely isolated infrastructure. In this case Yva does not exchange data with the external environment. The product updates and support can be fully managed by your IT team.

Organizational practices

  • Yva's employees and personnel have committed themselves to confidentiality or are under appropriate statutory obligations of confidentiality, and are granted access to systems that hold your data on a "need-to-know" basis (i.e. if required to perform their job). Employees and personnel who have access to systems that hold your data are required to use strong passwords and multi-factor authentication.
  • Our policies prohibit anyone from moving customer data to an unauthorized device, as well as to any laptop or other device. Our policies restrict all employees from downloading data from our production environment.
  • Yva has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of Yva Cloud Services processing systems and services. Yva is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of your employees' personal information.

For more details regarding Yva's commitment to invest in its security infrastructures, we invite you to read our Data Processing Addendum