Privacy Policy
Effective Date: January 1, 2026
Introduction
At TrustedStack (Yes-Security Inc.), we recognize the importance of privacy and are committed to protecting the personal information of our customers and visitors. This Privacy Policy governs the manner in which Yes-Security Inc. collects, uses, maintains, and discloses information collected from users of our website and services. Our policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), NIST Cybersecurity Framework (CSF), Service Organization Control 2 (SOC2), ISO 42001, and ISO 27001 standards.
By accessing our services, you agree to the collection and use of information in accordance with this policy. We respect your personal information and will only process it where we have a legal basis for doing so. We encourage you to read this policy in its entirety to understand our practices regarding your personal information.
Information Collection and Use
Personal Information
When you engage with our services, you may be asked to provide personal information that helps us deliver our offerings to you effectively. This information is critical for creating user accounts, processing transactions, and providing customer support. We ensure that the collection of personal data is limited to what is necessary for the specified purposes and that it is handled with the utmost care and security.
We also recognize the importance of obtaining consent where required, and we commit to seeking explicit permission before collecting sensitive personal data. Our users have the right to withdraw consent at any time, in line with legal and contractual constraints.
Technical Data
We collect technical data that can include a range of information from your device identifiers to your interaction with our services. This data helps us understand how our services are used and how we can improve them to enhance your experience. We may also use this data to address technical issues and ensure the proper functioning of our products and services.
We employ analytics tools and cookies to gather this technical data. These tools help us measure traffic patterns and understand user preferences, which are instrumental in improving service design and functionality. Users have the option to disable cookies through their browser settings, although this may affect the full functionality of our services.
Purpose of Information Processing
Service Provision
The information we collect serves the primary purpose of providing you with a seamless and efficient experience while using our services. From registration to customer support, each step is designed to meet your needs and preferences. We use personal information to process transactions, fulfill service requests, and ensure the security of your account.
Our commitment extends to maintaining the integrity and ongoing improvement of our services. We use the information gathered to troubleshoot issues, enhance service delivery, and anticipate user needs, all while ensuring compliance with legal standards and best practices.
Communication
Communication is a vital aspect of our services. We use the information collected to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
We also use your information to respond to inquiries, support needs, or feedback. This two-way communication channel is crucial for continuous improvement and customer satisfaction.
Information Sharing and Disclosure
- No Third-Party Sharing: We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
- Specific Service Provision: We may share information in a hashed format with select third-party service providers solely for the purpose of providing specific services to you. For instance, when collaborating with a third party for breach detection, your email address will be shared in a hashed form, ensuring it remains obfuscated and secure.
- Data Security in Sharing: When we must share customer data to facilitate the provision of services, we take stringent measures to maintain its security. Hashing is a method used to secure the data: it transforms the original information into a fixed-size string of characters that does not reveal the original information. This means any data shared, such as email addresses, is not in clear text and cannot be reverse-engineered to its original form without the corresponding key.
- Limited Access: Only minimal necessary data in its hashed form is shared with third parties, ensuring they perform their services without compromising the confidentiality and integrity of your personal information.
By adhering to these practices, we reaffirm our commitment to maintaining the privacy and security of your personal data throughout all aspects of our service delivery.
Security of Data
The security of your data is paramount to us. We implement comprehensive security measures that align with SOC2, NIST CSF, and ISO 27001 guidelines to safeguard your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, the use of encryption, firewalls, secure software development practices, and access controls.
We regularly review and update our security practices to adapt to the evolving landscape of threats and to ensure compliance with industry standards. Our dedicated security team is tasked with continuously monitoring our systems and responding swiftly to any security incidents.
Your Data Protection Rights (GDPR and CCPA Compliance)
Access and Rectification
You have the right to request access to the personal data we hold about you and to ask for your data to be corrected or updated. Yes-Security Inc. takes reasonable steps to ensure that the data we hold is accurate, complete, and up-to-date.
Erasure and Restriction
You can also request the erasure of your personal data or restrict its processing under certain circumstances. We respect your right to be forgotten and will take necessary steps to securely delete your information where applicable.
Portability
You have the right to data portability, which allows you to receive a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from us.
Objection and Consent Withdrawal
You have the right to object to the processing of your personal data and to withdraw your consent at any time. We will cease processing your information unless we have compelling legitimate grounds for the processing.
Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into, or performance of, a contract between you and us, or is based on your explicit consent.
Data Retention and Deletion
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.
Upon expiration of the retention period or when we deem it no longer necessary to retain your personal data, we will securely delete or anonymize your information in accordance with applicable laws and our internal policies.
International Data Transfers
In providing our services, your personal data may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.
Policy Updates
This Privacy Policy may undergo periodic updates to reflect changes to our information practices. We will notify you of any material changes by posting the updated policy on our website and, if we have your contact information, by sending you a notification. We encourage you to periodically review this page for the latest information on our privacy practices.
Contact Information
For further information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at security.compliance@yes-security.com.
Your continued use of our website and services after the posting of changes to this policy will be deemed your acceptance of those changes.