Security & Trust

Enterprise-grade security built into every aspect of YESOS

Security Foundation

YESOS, developed and owned by USG Software Inc., is built with security as its foundation. The YESOS chatbot delivers powerful insights using OpenAI, our primary large language model (LLM) partner, while safeguarding every interaction with enterprise-grade security controls. We chose OpenAI because it is a global leader in secure AI processing, providing reliable and cutting-edge reasoning capabilities.

To ensure privacy, every request is filtered through YESOS's secure middleware layer before reaching OpenAI. This means sensitive details are redacted or anonymized, so OpenAI never receives raw business records, confidential information, or unencrypted files — only safe, context-ready prompts. By combining OpenAI's intelligence with YESOS's strict data governance, users gain the benefits of advanced AI without compromising trust.

Every session begins with robust authentication. Our system supports secure Google and Microsoft logins through OAuth 2.0, and all sessions are governed by JWT tokens with six-hour expiration and automatic refresh to prevent unauthorized access. Role-Based Access Control ensures that every user — whether an HR representative, salesperson, manager, or administrator — sees only what they are authorized to see, with a clear five-tier hierarchy that enforces strict boundaries across the platform.

Authentication

  • OAuth 2.0 with Google & Microsoft
  • JWT tokens with 6-hour expiration
  • Automatic token refresh
  • Multi-factor authentication support

Access Control

  • 5-tier role-based hierarchy
  • Granular permissions system
  • Department-based access controls
  • Audit trail for all actions

Data Encryption

  • AES-256 file encryption
  • Client-side encryption
  • PBKDF2 password protection
  • TLS 1.2/1.3 for all communications

Infrastructure

  • Containerized environments
  • Continuous monitoring
  • Automatic failover
  • Hardened security headers

AI Security

  • Secure middleware layer
  • Data redaction & anonymization
  • No raw business data to AI
  • Context-ready prompts only

Compliance

  • GDPR compliant
  • CCPA aligned
  • SOC 2 Type II ready
  • Full data control for users

Security Monitoring & Auditing

Comprehensive Logging

  • All user actions logged
  • File access tracking
  • Chatbot query monitoring
  • Login attempt tracking

Real-time Monitoring

  • Performance metrics
  • Security alerts
  • Anomaly detection
  • Automated responses

Document Vault Security

Our Document Vault adds an additional layer of security by encrypting each file individually. Files can be protected with PIN or password requirements where needed, ensuring that even if access is gained to the system, individual documents remain secure.

File Protection

  • Individual file encryption
  • Optional PIN protection
  • Password-based access
  • Secure file sharing

Access Controls

  • Role-based file access
  • Time-limited sharing
  • Download restrictions
  • Audit trail for all access

Security Certifications & Standards

SOC 2
Type II Ready
GDPR
Compliant
CCPA
Aligned
ISO 27001
Framework

Security Contact & Reporting

Security Team

General Security: security@yesos.ai
Vulnerability Reports: security@yesos.ai
Subject Line: "Vuln Report"

Response Times

Critical Issues:24 hours
High Priority:72 hours
General Inquiries:5 business days

Ready to Experience Secure Enterprise AI?

Join organizations that trust YESOS with their most sensitive data and critical business processes.

Get Started with YESOSLearn More