Keeping your data safe is our highest priority. To protect every piece of personal information you give us – whether it be your photo, date of birth or address – we scramble it with advanced hybrid encryption. The private keys that unlock your data are stored on your device. Nobody else, not even Yoti, can access these keys.
At Yoti we use an innovative database design which we believe can help prevent the kinds of large-scale data thefts we’ve all read about in recent years. A traditional database structure contains one record for each user. If hackers breach the database security, they can simply read each user’s record and obtain their details.
At Yoti, we do things differently. All the different pieces of your data (names, date of birth, nationality, and so on) are split up, encrypted with different keys, and stored in random locations in our database. They can only be retrieved and put back together using the private keys stored on your device. So, even if our database was breached, hackers would only see a random jumble of data from millions of different users. Just names, dates of birth, genders…nothing to connect them together to create a meaningful profile.
Yoti also eliminates the risk of fraudsters being able to use personal details they may have stolen themselves or bought from hackers because you always need your phone and PIN to share your personal details. Read more about how it works here.
We use Tier 3 UK data centres to store the data and take regular backups to ensure your data cannot be lost. We also undergo regular penetration testing, which involves asking independent organisations to look for any potential vulnerabilities in our security operations.
Can Yoti be hacked?
Any company can be targeted by hackers but Yoti stores your data differently. There isn’t one big database full of valuable information for hackers to target.
If someone accessed our systems, they might find your date of birth, but they would have no way to link this to your name or any other piece of personal information.
Is it really that secure?
Yes. We use advanced hybrid encryption to protect your data. You control your data and decide exactly what information you want to share and who with.
The information you add never leaves the Yoti ecosystem and is only ever seen by you and the person or business you’re sending it to. Yoti doesn’t even see specifics.
Each layer of encryption we use to protect your data would take a hacker thousands of years to break. So unless they live for a very long time, we’re confident that your data is safe.
How is this safer than just showing my ID document?
When you use Yoti to prove your ID you only share the data that is necessary. No more revealing your passport number or address when getting into a nightclub.
Yoti doesn’t store an image of your passport, we extract and transform your details into a secure digital identity that you control.
How and where is my data stored?
Our secure technology separates each of your details (photo, first name, last name and DOB etc.) and individually encrypts each piece of data.
We provide multiple layers of encryption by securely storing each detail in UK based Tier 3 data centres. The only key to unlock and reunite the data is your Yoti app.
How easy is it to create a fake profile?
Yoti verifies and matches your details to your biometrics. A trained team performs extra checks in a secure ‘Cleanroom’ to ensure all details and documents are genuine.
Creating an account by impersonating you is extremely difficult. Our biometric and liveness testing means that sharing a video of you wouldn’t be enough to create an account.
Can someone else access my Yoti using my phone?
Your Yoti is secured with a 5-digit PIN. For every wrong guess at it, the time to try again increases to prevent brute force attacks.
We only allow so many attempts at the PIN before the account is locked.
Why should I trust Yoti with my data?
We’re a company on a mission to make it easier and safer to share your data. We’ve built Yoti in a way that there isn’t a honeypot of personal information for hackers to target.
Our systems are regularly tested to ensure maximum security. If we weren’t confident that we could keep your details safe, we wouldn’t release products.
Will my data be sold to third parties?
No. We will not sell your data to third parties, because we cannot access it. The design of our database means that only you can access your own data, using the key on your own device.
Isn’t this all a bit Big Brother? One big database of identity details?
No, absolutely not. It’s quite the opposite. We want to put an end to big databases of personal profiles that can be hacked or sold on to third parties.
Yoti has no access to your data once it’s been verified, we simply give you the ability to share information you need to share.
We also encourage businesses to ask for less information because Yoti lets you prove individual bits of information about you instead of needing to share your life story or send in a picture of your documents.