← Back to Home

Security

At Yaar AI, security is foundational to how we build and operate our platform. We implement industry-standard safeguards to protect your business data.

Vulnerability Disclosure

We maintain a publicly accessible process for responsible security vulnerability reporting. If you discover a security vulnerability in Yaar AI, please report it to us promptly.

How to Report

  • Email: sabir@tryyaar.com
  • Include a detailed description of the vulnerability and steps to reproduce
  • Do not publicly disclose the vulnerability until we have addressed it

Our Response Commitment

  • Acknowledgment of your report within 24 hours
  • Initial assessment and severity classification within 72 hours
  • Regular updates on remediation progress
  • Notification upon resolution

Data Encryption

In Transit

All data transmitted between your device and our services is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints.

At Rest

Sensitive data stored on our infrastructure is encrypted using AES-256 encryption. OAuth tokens and API credentials are encrypted at rest.

Access Controls

  • Least-privilege principle applied to all data access
  • Data access restricted on a strict need-to-know basis
  • Regular access reviews and audit logging

Authentication & OAuth

Yaar AI uses Login with Amazon (LWA) OAuth 2.0 for marketplace authorization.

  • We never store Amazon seller passwords or login credentials
  • Tokens are encrypted at rest and never logged in plaintext
  • Users can revoke access at any time through their Amazon account settings
  • Upon revocation, all associated tokens are immediately invalidated

Data Minimization

  • We only collect data that is necessary to provide the Services
  • Amazon Advertising data is not cached or retained beyond its intended analytical use
  • Amazon customer PII is automatically deleted within 30 days of the order date
  • All user data is permanently purged within 30 days of account termination
  • Local-first architecture ensures sensitive data stays on user-controlled infrastructure wherever feasible

Compliance

Yaar AI adheres to the following regulatory and platform-specific requirements:

  • Amazon Data Protection Policy (DPP)
  • Amazon Advertising API License Agreement
  • Amazon Ads Partner Network Policies
  • Information Technology Act, 2000 (India)
  • Digital Personal Data Protection Act, 2023 (India)
  • General Data Protection Regulation (GDPR), where applicable
  • California Consumer Privacy Act (CCPA), where applicable

Contact

For security-related inquiries or to report a vulnerability, contact us at sabir@tryyaar.com.