Below you will find information on possible questions from your IT and security department.
| Platform’s address | https://app.yasna.ai |
|---|---|
| Legal documents | https://yasna-ai.notion.site/8c672a2703fe4ff1bc953cae245b8ebc |
| https://yasna-ai.notion.site/8bc2fdf1e37345fa8803730fc002645a | |
| https://yasna-ai.notion.site/5bc84250927e4d0a86e1ebe4c039e05c | |
| Data protection explained | We take reasonable measures to protect personal data and client’s data (such as stimuli or questionnaires) from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. All personal and client’s information you provide to us while using Yasna is encrypted and stored on our secure servers behind firewalls. |
| Data protection on transit and at rest | All data is transmitted via secure channels. Between the user and the platform via https, between the technical services and the databases via a private network with IPSec. The databases have only an internal network interface and are only accessible via a corporate VPN, where data is also transmitted via IPSec. |
All data transmitted to and from our trusted third party suppliers is encrypted in transit using strong encryption protocols. | | List of trusted third parties | 1. Hosting services Microsoft corporation (Azure services) EU hosted https://azure.microsoft.com/en-us/explore/trusted-cloud/privacy 2. Translation services DeepL SE EU hosted https://www.deepl.com/pro-license Google LLC EU hosted https://cloud.google.com/terms/data-processing-addendum 3. Large Language Model service OpenAI OpCo LLC US hosted https://openai.com/policies/privacy-policy | | Data residency and hosting | We use Microsoft Azure hosting services located in North Europe (Ireland). | | Using of OpenAI models | As OpenAI is based outside the EU we have a separate Data Processing Agreement (DPA) with this provider in place. The DPA outlines the mutual commitment to protect your data in accordance with the GDPR and other data protection laws. OpenAI is obligated to abide by this agreement and the protections it offers to data we send via the API.
Furthermore, OpenAI does NOT store the content of API calls we make. This means that any inputs we send to the OpenAI API when operating Yasna our services are NOT used to improve OpenAI’s models or for any other purpose. | | SSO (e.g. Okta OIDC/SAML) | At the beta stage, we are working only with direct registration on the platform via invites. In May, we plan to release the platform with the possibility of SSO authorisation via Google/Microsoft accounts. | | Access management / Role based access control | We have a system of administration depending on the user's rights in a certain space. A user can be the owner of a space, having access to all actions that are included in their tariff. There is also a space member role with read-only rights. In the beta version, roles are managed through platform support team. In the May release, we will allow space owners to manage users and and roles themselves. | | Log management / Audit (activity) logs | We keep a log of activity in each space and in each project within a space. In the beta version we are ready to provide full space statistics through contacting the support team. In the next release it will be possible to access the statistics at any time directly on the platform. | | Security compliance (e.g. ISO27k1, SOC2, etc.) | At the moment we are just at the beginning of our product development and have not had time to complete any certifications. |