Data security you can trust

Certified, transparent and future-proof

Whether you work with personal data of visitors, speakers or employees, data security must be well organized. With Yellenge, security is at the core of the platform. We meet the strictest standards and go beyond GDPR. From hosting on Dutch servers to annual penetration testing, you can rely on a solid foundation.


We understand the concerns of your organization

When organizing events, you work with sensitive data: from participant lists to evaluations and payment information. Of course, you want to ensure all that data is properly protected. At Yellenge, we understand that responsibility. That’s why our platform is built to the highest standards for privacy, security, and compliance. This allows you to focus on the content, not the risks.

Smart security for your event

A secure event environment requires more than just technology. That’s why Yellenge takes a structured approach to security and compliance with certified processes, smart technology, and highly trained staff. This way, you can be sure your attendee data is safe and sound.

Hosting on highly secured Dutch servers
GDPR-proof data processing with minimal data storage
Employees are trained annually on security awareness

Our security standards

The Yellenge platform is not only user-friendly but also built on a solid foundation of information security. From certification and hosting to privacy policies and awareness, you can rely on a platform that manages everything you (and your IT department) consider important.

Data storage
Our data servers are hosted in the Netherlands by a data center partner that holds various certifications, including ISO 27001, NEN 7510, and an ISAE 3000 Type II certificate. Everything is managed, monitored, and controlled by Dutch companies that are therefore required to comply with Dutch laws and regulations. This partner also has a VMware Cloud-Verified sovereign cloud, a reliable and secure private cloud environment that meets the highest standards and remains within the Netherlands.

Email security
Our email security is also handled by a Dutch partner and includes the use of secure connections (HTTPS, STARTTLS), authentication enforcement for API access, and digital signatures for webhooks to prevent spoofing. We also use email authentication standards such as SPF, DKIM, and DMARC for domain verification and reporting, and to comply with data protection regulations such as the GDPR.

Malware
Before sending emails, we always check attachments for malware. We also do this for all uploads to our platform.

Yellenge performs daily E2E encrypted backups of customer data, including media files. These are stored and managed in multiple locations according to a strict retention policy. Our infrastructure is monitored so we can quickly intervene in the event of any threats or problems. Our systems also record relevant events (logging) to ensure the reliability, integrity, and security of our IT environment. This data is used exclusively for security purposes, system administration, and compliance audits.

We retain log files and personal data no longer than necessary. Retention periods are aligned with legal obligations, internal policies, and operational needs. Our systems are continuously available with a historical uptime of over 99.9%. Current status information and performance figures can be found at uptime.yellenge.nl.

We operate fully in accordance with the GDPR and apply the principle of privacy by design to all our systems. This means that privacy and data security are built into every part of the platform from the very beginning. Participants retain control over their own data and can configure within the platform and the app what information they want to share and with whom.

Our clients are the controllers, we are the processors. We enter into a data processing agreement with all clients.

Collection and use of data
We only collect data that is strictly necessary for the platform’s reliability and stability. This includes IP addresses, functional cookies, and limited technical information. This data is not used for commercial or tracking purposes.

Cookies within our events
We use only functional cookies within our event environments. These ensure that the website works quickly, stably, and securely, without any analysis or tracking. This means that visitors won’t see any annoying cookie pop-ups, and that user privacy is naturally protected.

Rights of data subjects
Personal data will be deleted 30 days after the end of an event, in accordance with the GDPR. Via the organizer of an event, every data subject can exercise the right to access, rectify, and erase their personal data.

DPIA / GEB
Our clients conduct their own Data Protection Impact Assessments (DPIAs, in Dutch: GEB) on our platform. To support this process, we provide a standard draft DPIA as a starting point. Request a draft DPIA via our contact form.

More information
Please see our model privacy and cookie statement and our model data processing agreement for more details about data protection within our event websites and platform.

All Yellenge employees undergo mandatory annual security awareness training, tailored to the latest threats. Our Security Officers also ensure continuous policy enforcement and follow-up. This keeps our team sharp and your data protected. Besides security awareness training, we also organize tabletop exercises to thoroughly test various scenarios, ensuring that existing procedures and plans are effective and applicable in practice. Security is also deeply ingrained in our company culture: awareness, diligence, and responsibility are an integral part of our daily operations.

Finally, all employees are required to obtain a Certificate of Good Conduct (VOG). This ensures that everyone who works at Yellenge meets our integrity standards.

ISO 27001 Certification

Yellenge has been ISO 27001 certified since 2019. This means we meet high standards for information security. Our partner, TÜV NORD, conducts an annual audit to update our certification. Our ISO 27001 certificate can be requested via our contact form and (as stated on the certificate’s Statement of Applicability) covers our entire company: development, management, customer support, and sales of the event management platform.

Pentesting & Third Party Memo

Every year, we have a third party perform a technical penetration test on a dedicated environment to ensure users are not inconvenienced. The results are available upon request in the form of a Third Party Memo. We also participate in penetration testing for clients upon request (see terms and conditions). Besides the scheduled tests, it’s always possible that someone else might discover something. For more information, please refer to our responsible disclosure policy.


Secure development principles

To support our development process, we use the OWASP Top 10, a document with guidelines for web application developers. It contains a number of points that experts consider the most critical security risks for web applications. By following these principles, along with a checklist based on Certified Secure methods, we can systematically prevent common errors.

Within the overall development process, the four-eyes principle provides an additional guarantee of quality and reliability. This principle means that critical actions, such as code changes or production deployments, are always reviewed by at least two authorized individuals. In addition to the four-eyes principle, each release is also manually tested in our acceptance environment.

Rik van der Velden, Security Officer & Test Engineer