Data Security - Executive Summary

Executive Summary

(Updated: 25/05/2026)

Our company is legally obligated to safeguard the privacy and security of the personal data that we process from our users. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations.

Data Security Legal Requirements and Obligations

Our data security legal requirements and obligations are to:

  • Ensure the confidentiality, integrity, and availability of our users' personal data.
  • Comply with the data protection laws and regulations of the jurisdictions where we operate, such as the GDPR.
  • Demonstrate our accountability and transparency regarding our data security practices.

Data Security Program

Our data security program consists of the following measures and procedures:

  • Physical security: We have established physical security measures to prevent unauthorised access, damage, or theft of our data processing equipment and facilities through our AWS managed system integration. These measures include access control systems, surveillance cameras, and alarm systems. (See: https://aws.amazon.com/compliance/data-center/controls/)
  • Logical security: We use various logical security measures to prevent unauthorised access, interference, or disclosure of our users' personal data. These measures include firewalls, intrusion detection systems, and data encryption.
  • Data access controls: We have implemented data access controls to limit access to our users' personal data to authorised personnel only, based on the principle of least privilege and need-to-know.
  • Data encryption: We encrypt all personal data at rest and in transit, using strong encryption algorithms and keys.
  • Data backup and recovery: We have a comprehensive data backup and recovery plan in place to ensure the resilience and continuity of our data processing activities in the event of a data breach or other disaster.
  • Incident response: We have a well-defined incident response plan to identify, contain, analyse, remediate, and report on security incidents.

Certifications, Standards, and Best Practices

Yazi is aligning its information security management system with ISO/IEC 27001:2022. We expect to complete a Stage 1 certification audit in November 2026 with a UKAS-accredited certification body, followed by Stage 2 in Q1 2027. Yazi references the NIST Cybersecurity Framework in its risk-management methodology. Yazi does not process card-holder data directly (Stripe is our card processor and is itself PCI DSS Level 1 certified); PCI SSC compliance therefore applies to our payment processor, not to Yazi.

GDPR Compliance and Data Processing

Our company is committed to complying with the General Data Protection Regulation (GDPR), which is a regulation of the European Union (EU) that sets out the rules for the protection of personal data. We have implemented measures and procedures to ensure that our data processing activities comply with the GDPR.

Data Processing

We process our users’ personal data in accordance with the GDPR’s principles of lawfulness, fairness, and transparency. We only collect and process personal data that is necessary for the purposes for which it was collected, and we ensure that our users are informed about how their personal data is being used as per our Privacy Policy.

Data Deletion

We respect our users’ right to request the deletion of their personal data from our servers. When a user makes such a request, we will take all reasonable steps to delete their personal data from our systems, subject to any legal obligations that may require us to retain certain data. We have established procedures to ensure that our users’ requests for data deletion are handled promptly and efficiently. Data deletion requests will be processed in accordance with section 14 of our Terms of Service.

Conclusion

We are committed to fulfilling our legal obligations regarding the privacy and security of our users' personal data. We have implemented a comprehensive data security program that complies with the applicable data protection laws and regulations. We believe that our data security program is robust and effective. We take our obligations under the GDPR seriously and have implemented measures to ensure that our data processing activities comply with its requirements. We are confident that we can protect our users' personal data from unauthorised access, use, disclosure, alteration, or destruction. If you have any questions or concerns about how we process your personal data, please do not hesitate to contact us.