Security
The security of your data is core to our product. This page summarizes our practices and controls.
Encryption
All traffic between your browser and our servers uses TLS 1.2 or higher. Data at rest is encrypted with AES-256 at our infrastructure providers.
Access control
Role-based permissions inside the ERP. Multi-factor authentication available for admin accounts. Internal system access limited to necessary staff and audit-logged.
Backups and continuity
Automatic daily backups with 30-day retention. Quarterly restore tests. Service recovery objective (RTO) of 4 hours for severe incidents.
Infrastructure
Hosted on cloud providers certified to SOC 2 and ISO 27001. Security updates applied continuously. 24/7 monitoring with automated alerts.
Payments
We do not store card numbers. Payments are processed by a PCI-DSS Level 1 certified provider.
Incident response
We notify affected customers within 72 hours of any incident compromising their data, with scope and remediation details.
Responsible disclosure
Found a vulnerability? Email support@ykadvancedsoft.com. We respond within one business day and coordinate remediation before any public disclosure.