Security

 

Best practices to follow

We have always placed your security first on YABI. To ensure maximum security, we have made a simple list of security to-do’s you can follow:

  • Never divulge your personal bank details like card number, CVV, PIN, and OTP in any medium, including calls, texts, or emails.
  • We will never, ever ask you for any of the sensitive details mentioned above.
  • We will never call you and ask you to make any payment transaction on the app or install any remote access software such as TeamViewer, AnyDesk, etc.
  • Never respond to such emails, texts, or phone calls.
  • Our customer support can only be reached via the app. Please do not engage with phone numbers that claim to belong to our support team.

For the purpose of fulfilling the services obtained through the Website. When You use the Website, We may also collect information related to Your use of the Website and aggregate this with information about other users.

Privacy Practices

We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes without your explicit consent.

Check out our Privacy Policy for more information.

Cloud Infrastructure

Yabi is hosted on a Virtual Private Cloud on Amazon Web Services, which provides a secure and scalable technology platform to ensure we can provide you services securely and reliably.

Perimeter Security

We have deployed Defence in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network.

Our infrastructure is launched in compliance with the AWS Well-Architected Framework and, from the security perspective, incorporates practices from the AWS Cloud Adoption Framework.

We have a 3-Tier Architecture which incorporates best practices from various standards and certifications.

We have strict network segmentation and isolation of environments and services in place.

Host Security

We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.

All our servers are launched using the Center for Internet Security Benchmarks for Amazon Linux.

Data Security

We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.

We use key management services to restrict access to data to the data team.

Stored data is protected by encryption at rest, and sensitive data by application-level encryption.

We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.

Incident and Change Management

We have deployed mature processes around Change Management, which enable us to release thoroughly tested features for you both reliably and securely, so that you can enjoy the Yabi experience with maximum assurance.

We have a very aggressive stance on Incident Management for both systems downtime and security, and have a Network Operations Center and an Information Security Management System in place which quickly react to, remediate or escalate any incidents arising out of planned or unplanned changes.

Responsible Disclosure

We at Yabi are committed to our customers’ data and privacy.
We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us to defend our systems against everything from low-hanging issues to sophisticated attacks. If you are a security enthusiast or a researcher and you have found a possible security vulnerability in Yabi products, we encourage you to report the issue to us responsibly. You can submit a bug report to us at tech@souqalmal.com with the detailed steps required to reproduce the vulnerability. We shall make our best efforts to investigate and fix legitimate issues in a reasonable time frame and, meanwhile, request that you not publicly disclose them.