Information Security Policy

YumTok Information Security Policy

Effective Date: June 1, 2025
Approved By: Vlad Azimhodjaev
Applies To: All employees, contractors, and third-party partners of YumTok

1. Purpose

The purpose of this policy is to protect YumTok’s information assets, including customer data, company systems, and intellectual property, from unauthorized access, disclosure, alteration, or destruction. YumTok is committed to maintaining the confidentiality, integrity, and availability of information in accordance with industry best practices.

2. Scope

This policy applies to all information systems, applications, devices, and data owned, managed, or processed by YumTok, including cloud services, third-party platforms (e.g., TikTok Shop), and vendor integrations.

3. Information Security Principles

YumTok’s security program is based on the following principles:

  • Confidentiality – Only authorized users can access sensitive information.

  • Integrity – Information must remain accurate and unaltered except by authorized processes.

  • Availability – Systems and data must remain accessible to authorized users when needed.

4. Policy Statements

4.1 Data Protection

  • Customer and business data must be stored securely in encrypted databases or trusted cloud providers.

  • Personally Identifiable Information (PII) and payment information are never stored directly by YumTok and are processed only through secure third-party providers (e.g., payment gateways).

  • Regular data backups are maintained and tested for recovery.

4.2 Access Control

  • User accounts must use strong, unique passwords and multi-factor authentication (MFA) where available.

  • Access to company systems is based on the principle of least privilege.

  • Accounts of former employees or contractors must be deactivated immediately.

4.3 Device & Network Security

  • All devices (laptops, phones, tablets) accessing YumTok data must use up-to-date antivirus and security patches.

  • Public Wi-Fi connections require a VPN when accessing company resources.

4.4 Vendor & Third-Party Security

  • YumTok only engages vendors and partners that maintain appropriate security controls.

  • Third-party integrations (including TikTok Shop) are reviewed for compliance with data protection requirements.

4.5 Incident Response

  • Any suspected or actual data breach must be reported immediately to management.

  • YumTok will investigate incidents promptly, notify affected parties if required, and take corrective action.

4.6 Training & Awareness

  • Employees and contractors must receive basic security awareness training upon onboarding.

  • Security reminders and updates are communicated regularly.

5. Compliance

This policy supports YumTok’s compliance with applicable privacy and data protection laws (such as GDPR and CCPA where relevant).

6. Review & Updates

This policy will be reviewed annually or whenever significant changes occur in YumTok’s systems or operations.

Approved by:
Vlad Azimhodjaev
Founder & Director, YumTok

Create a free website with Framer, the website builder loved by startups, designers and agencies.