At Yummygum, we take security and data protection seriously. We apply structured information security practices to ensure that client data is handled responsibly and securely.
Our Approach
We follow internationally recognized information security principles and continuously improve our security posture as part of our Information Security Management System (ISMS).
Our approach is based on:
Risk-based security management
Least-privilege access control
Clear separation of responsibilities
Secure-by-design development practices
Access Control
Access to client environments is granted strictly on a need-to-know basis
Multi-factor authentication (MFA) is enforced on business-critical systems
Access rights are reviewed periodically
Access is removed upon project completion or termination of services
Infrastructure & Hosting
Where hosting or infrastructure management is part of our services, we work with reputable cloud providers.
Security measures include:
Encrypted communication (TLS)
Role-based access control
Environment separation (production, staging)
Logging where applicable
Unless explicitly agreed otherwise, clients retain control over their own hosting environments.
Data Processing & GDPR
Where we process personal data on behalf of our clients, we act as a data processor under the General Data Protection Regulation (GDPR).
In such cases:
A Data Processing Addendum (DPA) is signed
We process personal data only on documented instructions
We implement appropriate technical and organisational measures
We notify clients without undue delay in the event of a data breach
If we do not process personal data in the context of a project, no DPA applies.
Subprocessors
We may engage carefully selected subprocessors to deliver our services (e.g. cloud hosting or development infrastructure providers). For clients, an up-to-date list of subprocessors can be made available upon request. All subprocessors are contractually bound to meet applicable data protection requirements.
Incident Response
We maintain an internal incident response process to:
Detect and assess security incidents
Contain and mitigate impact
Notify affected clients where required
Implement corrective measures
Responsible Disclosure
If you believe you have discovered a security vulnerability in one of our systems or projects, please contact us at: [email protected]. We appreciate responsible disclosure and will investigate promptly.
Contact
For security or data protection inquiries, please contact: [email protected]