Data Security

Key Benefits

Multi-Layer Approach to Data Security

A comprehensive layered protection approach where overlapping physical and logical security controls are designed to prevent unauthorized access to Yesmail‘s platform, systems, and data.

Consistent Internal Security Scans & Audits

This strategy contains multiple tiers of defense against an attacker – it starts from the physical protection of servers, goes through internal security safeguards for users, and continues on to a system of application protection along each component of the Yesmail360i platform.

In the event of a failure of one layer of security, the next layer exists as a safeguard so our clients' data is never defenseless.

audits, tests, and partnerships to security system

Audits, Tests, and Partnerships that Keep Us Prepared

We know that no security system is perfect or impervious to breaches so we consistently employ 3rd parties to test our safeguards, examine all facets of data and application security, and attempt to penetrate our system. As a cross-channel marketing services vendor, we go above and beyond to identify and remedy any potential vulnerabilities before they put our clients’ data at risk. We conduct our own internal and external vulnerability scans on a regular basis using Tenable Nessus and we have a dedicated Information Security department with CISSP certified personnel. This emphasis on our clients’ data security prompted us to further optimize the security protocols of the Yesmail360i’s UI and API services, and go through rigorous audits, code changes, and technology updates required to successfully pass 3rd party pen testing. To-date, Yesmail360i is among a handful of platforms to have done that. 


third party pen testing

3rd Party Pen Testing Includes: 

  • SQL injection attempts that target poor input validation and enable foreign code to extract protected information
  • Cross-site scripting which attempts to hijack a service by posing as another domain
  • Certificate validation for https certificates to ensure all encryptions are up-to-date and there are no deprecated
  • Insufficient page authorization which probes whether every page that could be accessed through the Yesmail application has all of the required authorization protocols
  • Application cookies which should display either encrypted information or non-personally identifiable information
  • Site tracking defense testing which precludes phishing-type of attacks where the attackers can represent a web address as their own


3rd party audits

3rd Party Audits

To show how serious we are about data security, we partner with a number of digital security providers and undergo 3rd party audits on annual basis, including:

  • SSAE 16 SOC 2
  • SysTrust
  • WebTrust

We’re honored to be a recognized member of the Online Trust Alliance’s 2016 Online Trust Honor Roll. Click here for details on the Award.


Contact Us

Contact Us