
— Security & Protection

Security Policy

Last Updated: May 27, 2026

1. Security Program Overview

At YukT, security is a core architectural requirement, not an afterthought. The YukT Unified Commerce OS handles transaction logs, CRM communications, and HRMS payroll databases for thousands of ambitious brands. We maintain strict compliance controls to keep your business and employee data secure.

2. Infrastructure & Hosting

Our cloud hosting architecture is engineered to provide premium reliability and defense-in-depth:

  • Physical Security: The platform is hosted within secure, audited facilities provided by AWS and Google Cloud Platform. These facilities maintain 24/7 CCTV surveillance, biometric portals, and strict check-in audits.
  • Redundancy: We deploy distributed database instances across multiple availability zones. In the event of a datacenter blackout, traffic automatically routes to active backup zones.
  • DDoS Mitigation: We utilize Cloudflare Enterprise protection filters to mitigate layer 3, 4, and 7 DDoS strikes, ensuring sub-50ms storefront latency.

3. Data Encryption Protocols

We safeguard data at rest and in transit using industry-leading cryptography:

  • Data in Transit: All HTTP connections to YukT websites and platform dashboards enforce TLS 1.3 encryption with strict HSTS policies.
  • Data at Rest: Customer database volumes, file storage repositories, and logs are encrypted with hardware-accelerated AES-256, and the encryption keys are rotated annually.
  • Password Security: We hash administrative credentials with iterated bcrypt hashing and unique salts. No raw passwords are ever written to files or memory caches.

4. Access Controls & Authentication

We follow the Principle of Least Privilege across all operational divisions:

  • Internal Access: YukT engineers are granted server database access only when required to address customer tickets, and that access is monitored through centralized audit logs.
  • Multi-Factor Authentication (MFA): All developer consoles, cloud provider administrative panels, and code repositories require hardware-token MFA.
  • Session Management: We enforce automated timeout rules on administrative dashboards to protect open client sessions from physical terminal compromise.

5. Application Security & Monitoring

We continuously analyze the codebase and running processes:

  • Static Code Scanning: We perform automated static analysis (SAST) on all git commits to intercept library dependencies with known CVEs and code injection flaws.
  • Runtime Audits: Real-time intrusion detection systems log brute-force attempts and SQL injection probes and alert our security response team.
  • Backups: Full backups are taken every 24 hours, stored in separate, write-once-read-many (WORM) storage locations.

6. Compliance & Audits

YukT regularly tests compliance against international frameworks:

  • PCI-DSS Compliance: We do not store raw card numbers. All checkouts are offloaded to payment gateways certified at PCI-DSS Level 1.
  • GDPR Alignment: We maintain compliance controls supporting data subject requests, data processing agreements, and international SCCs.

7. Vulnerability Disclosure Program (VDP)

We welcome reports from cybersecurity researchers. If you identify a security bug in our platform, please follow these guidelines:

  • Email your findings directly to security@yukt.co.in.
  • Provide detailed replication steps (PoC files or screenshots).
  • Give us a reasonable timeframe (typically 90 days) to address the issue before public disclosure.

Note: We do not offer bounty payouts for uncoordinated disclosures, nor do we tolerate spam from automated scripts reporting generic SSL cipher flags.