Legal & policies
Security
Last updated: 17 June 2026
Security is core to how Yappa is built. This page summarises how we protect your data.
Draft. A richer security statement is being prepared; the summary below reflects our current posture.
How we protect your data
- Tenant isolation at the database layer — every tenant-owned record is protected by Postgres row-level security, not just application checks.
- Encrypted credentials — external API keys and OAuth tokens are encrypted and referenced, never stored inline.
- Least-privilege publishing — the WordPress receiver plugin is thin and its tokens are hashed on the customer's site.
Report a vulnerability
Found a security issue? Please email security@getyappa.com. We appreciate responsible disclosure.
Related policies
Terms of Service
The agreement that governs your use of the Yappa platform.
Privacy Policy
What personal data we collect, why, and your rights under UK GDPR.
Cookie Policy
The cookies we use and how consent controls analytics.
Data Processing Agreement
Our UK GDPR Article 28 terms for processing your customers' data.
Application Terms
Terms specific to the Yappa apps and connected channels.