Keeping your data safe


Keeping your data safe is our highest priority. To protect every piece of personal information you give us - whether it be your photo, date of birth or address - we scramble it with advanced 256-bit encryption. The private keys that unlock your data are stored on your device. Nobody else, not even Yoti, can access these keys.

Traditionally, companies store all of their customer information in one big database, making it an appealing target for criminals. By encrypting and storing your data using separate cryptographic keys, we ensure there isn’t one big honeypot of data for hackers to target. Your data is stored in a Tier 3 UK data centre and as a company we are ISO27001 certified, which means we follow a strict set of security guidelines in all of our operations.

In the unlikely event that our systems were compromised and our 256-bit encryption keys were cracked, a criminal might get to just one piece of information about you - your date of birth, for example. Nothing else, just your date of birth. They wouldn’t even know it was your date of birth - they couldn’t link it to you or build a profile of you in any way.

Henry Coggill

Hear more about our approach to data from our head of security, Henry

Learn more


Can Yoti be hacked?

Any company can be targeted by hackers but Yoti stores your data differently. There isn’t one big database full of valuable information for hackers to target.

If someone accessed our systems, they might find your date of birth, but they would have no way to link this to your name or any other piece of personal information.


Is it really that secure?

Yes. We use advanced 256-bit encryption to protect your data. You control your data and decide exactly what information you want to share and who with.

The information you add never leaves the Yoti ecosystem and is only ever seen by you and the person or business you’re sending it to. Yoti doesn’t even see specifics.

Each layer of encryption we use to protect your data would take a hacker thousands of years to break. So unless they live for a very long time, we’re confident that your data is safe.


How is this safer than just showing my ID document?

When you use Yoti to prove your ID you only share the data that is necessary. No more revealing your passport number or address when getting into a nightclub.

Yoti doesn’t store an image of your passport, we extract and transform your details into a secure digital identity that you control.


How and where is my data stored?

Our secure technology separates each of your details (photo, first name, last name and DOB etc.) and individually encrypts each piece of data.

We provide multiple layers of encryption by securely storing each detail in UK based Tier 3 data centres. The only key to unlock and reunite the data is your Yoti app.


How easy is it to create a fake profile?

Yoti verifies and matches your details to your biometrics. A trained team performs extra checks in a secure ‘Cleanroom’ to ensure all details and documents are genuine.

Creating an account by impersonating you is extremely difficult. Our biometric and liveness testing means that sharing a video of you wouldn’t be enough to create an account.


Can someone else access my Yoti using my phone?

Your Yoti is secured with a 5-digit PIN. For every wrong guess at it, the time to try again increases to prevent brute force attacks.

We only allow so many attempts at the PIN before the account is locked.


Why should I trust Yoti with my data?

We’re a company on a mission to make it easier and safer to share your data. We’ve built Yoti in a way that there isn't a honeypot of personal information for hackers to target.

Our systems are regularly tested to ensure maximum security. If we weren’t confident that we could keep your details safe, we wouldn’t release products.


Will my data be sold to third parties?

No. We will not sell your data to third parties, because we cannot access it. The design of our database means that only you can access your own data, using the key on your own device.


Isn’t this all a bit Big Brother? One big database of identity details?

No, absolutely not. It’s quite the opposite. We want to put an end to big databases of personal profiles that can be hacked or sold on to third parties.

Yoti has no access to your data once it’s been verified, we simply give you the ability to share information you need to share.

We also encourage businesses to ask for less information because Yoti lets you prove individual bits of information about you instead of needing to share your life story or send in a picture of your documents.

Put your trust in our award-winning security system

Tested Systems

All user data is held on secure Tier 3 data centres. Yoti undergoes regular independent penetration tests to ensure data is safe. HackerOne, MWR and Cigital have performed tests.

 
 

Verification process

Yoti technology verifies and matches your details to your selfies. A trained team check documents in a secure ‘Cleanroom’ to ensure all details submitted are genuine.

 
 

Data Storage

Yoti encrypts and stores each piece of information separately, giving you the only key. Images of documents are stored for seven days only. Yoti can't access your data after this.


The Yoti app is free to download and use: