We do things differently to most tech companies. We’re proud of the fact that we always put our community first and we like to shout about it.

The way we handle security and compliance is key to protecting your data. If we didn’t get that right, how could we expect anyone to trust us? And without trust, why would anyone use our app?

So, with that in mind, here’s a run-through of the three main compliance accreditations we hold and why you should care. (Don’t worry, we know this stuff can be quite dry so we’ve kept it short).


ISO 27001

What is it?

It’s an international standard for information security management.

Quick fact: although ISO 27001 is now best practice for security around the world, it was originally published in 1995 right here in the UK.


What does it mean for you?

ISO 27001 is about protecting all kinds of data. Not just personal data. So that’s everything from how we monitor who enters our offices to how we pick any suppliers or partners we work with. It basically means we’ve been proven to take security seriously in all areas of the business.



SOC 2 Type 1

What is it?

SOC2 (Service Organisation Controls) is all about companies being able to trust each other when providing and outsourcing services.

There are five different categories of SOC 2 an organisation can apply for: Security (which we have), Confidentiality, Processing Integrity, Availability, Privacy.


What does it mean for you?

SOC 2 is one of the most respected and rigorous auditing standards for security in the business world.

It’s considered rigorous enough for governments, major banks and the biggest tech companies. And receiving a flawless report (which we did) on a first attempt is almost unheard of. So when we say that security and privacy are our priority, you know we really mean it.


PAS 1296

What is it?

It’s a Publicly Available Specification (PAS) for Online Age Checking.

It sets out regulatory best practice for the sale of age restricted goods or access to age restricted services.

We have done a self assessment against PAS 1296 and had this reviewed by a third party.


What does it mean for you?

It’s all about trust. Trust that an age check performed using Yoti is reliable. For example, if you’re a parent whose child uses Yoti for proof of age accessing child-only forums or online games, you can be confident that environment is only accessed by others their age.