Last updated on April 7, 2026
At Yellowdig, we highly value your data privacy and security. Below, you'll find some key steps we take to protect your data. This is not a legally binding document, and over time, parts of this statement may become inaccurate. For questions about our privacy and security measures, please contact us at clientsuccess@yellowdig.com.
View detailed information about our security controls and policies in our Trust Center.
SOC 2 Type 2
Yellowdig completed a SOC 2 Type 2 audit with an unqualified opinion issued by Sensiba, LLP, in March 2026. Download the full audit report from our Trust Center.
Data Privacy and Terms of Service
Yellowdig Terms of Service can be found here. The key parts relating to privacy and security are:
- All posted content is owned by the user that posts it, or the organization to which the user belongs. In practical terms, content posted to Yellowdig is owned by the organization or university that is using the platform.
- Yellowdig does not resell any data to third parties. Any use of the data is for the sole purpose of providing and enhancing the service.
- We take all reasonable measures to protect user data and conform to software security best practices, including use of encryption, firewalls, and limited access to production data.
Any use of Yellowdig is governed by these terms of service. However, any contract we enter into can add to or supersede any other existing terms, at the discretion of the customer.
Privacy Compliance
Yellowdig supports all privacy law applicable to the United States and Australia. Yellowdig does not currently support all aspects of the GDPR, but has the capability to become fully GDPR compliant.
Software Security
The Yellowdig application is developed using the currently accepted best practices for applications dealing with sensitive information and deployed on the Internet for access by end-users and partners, including encryption and highly restricted access to the development, deployment, and data storage environments. This includes following the OWASP Top 10 recommendations for web application security.
Infrastructure Security
Yellowdig employs many best practices for securing networks and servers:
- All public traffic is encrypted using SSL/TLS with 256-bit encryption.
- Yellowdig application and database servers are protected by multiple firewalls, with external WAN access as well as internal LAN restrictions.
- Server access is granted only to those employees who need it.
- Yellowdig monitors user behavior using audit logging and sample activity metrics.
- All servers run within a Virtual Private Network (Amazon Virtual Private Cloud), further isolating and securing servers.
Physical Security
Yellowdig is hosted using Amazon Web Services (AWS). AWS data centers conform to the highest standards of physical security and processes and have achieved ISO 27001, ISO 9001, SOC 3 and other certifications. Please refer to the AWS security infrastructure documentation at http://aws.amazon.com/security/ and http://aws.amazon.com/compliance/ for additional details.
Data Security
Users' data is automatically backed up at regular intervals to redundant backup storage. All data is maintained for a period of 5 years. Yellowdig can provide a data dump or delete data as requested by the customer. Backups and snapshots are encrypted on disk.
- We build applications which are not susceptible to SQL injection.
- We test all data input for cross-site scripting (XSS) vulnerabilities.
- We create daily backups of all production data stored separately from application servers.
- Multiple code backups exist in the form of git repositories.
- Should our production environment become unavailable, we can bring up a new environment quickly.
Firewall
Yellowdig applications are hosted on comprehensively firewalled servers. These firewalls default to disabling any unsupported access mechanism and are carefully configured to only allow access for known services. We build on top of the well-defined and implemented security policies of the AWS services we depend on.
Data Integrity and Disaster Recovery
Yellowdig is architected for High Availability and 100% uptime. User data is backed up frequently. Recovery from backups is tested regularly and is part of the normal server deployment process. Even in the event of serious malfunctions (such as data center issues), service can be restored quickly.
Breach Notification
We deploy host intrusion detection to monitor our servers. If a security breach occurs, we will notify affected customers in a timely manner. Yellowdig maintains an active Professional Liability Insurance policy covering breaches.
FERPA
Yellowdig is FERPA (Family Educational Rights and Privacy Act) compliant through our Privacy, Security Incident Policy, and Data and Infrastructure Security. However, it is the responsibility of the client's implementation to ensure full compliance with FERPA.