security
Security is the product
We teach cyber. We have to live it. This page is a candid summary of how Yetinel is built, audited, and defended.
Controls we operate
Identity
MFA enforced for admins, SSO via SAML and OIDC on enterprise, RBAC with least privilege, roles stored in a separate table and verified server side.
Infrastructure
Cloud agnostic deployment, isolated tenancies on enterprise, secrets in managed KMS, network segmentation by trust boundary.
Detection
Audit logs, anomaly detection, SIEM hooks (Splunk, Datadog, Elastic), 24x7 on call rotation for sev 1 and sev 2.
Compliance
SOC 2 Type II in progress, PCI DSS via tokenized processors, GDPR and CCPA DPAs available on request.
Responsible disclosure
If you find a vulnerability, write to security@yetinel.com with a proof of concept. We acknowledge within 24 hours, triage within 72, and credit researchers in our hall of fame on request. Safe harbor applies to good faith research that respects user privacy and avoids data destruction.
PGP fingerprint: 5A1F · 8E2D · 7C44 · B6A0 · 9F31