
Security FAQ
Procurement-safe answers for IT, legal, and operations
A public-safe overview of how Yokly approaches devices, access, oversight, and data handling. Full legal and security detail is available during diligence.
Yokly is built for teams that need trust, control, and operational clarity. This FAQ is designed to answer the common first-pass questions from procurement, IT, legal, and operations teams without replacing executed agreements or diligence materials.
Frequently asked questions
What is Yokly's security posture at a high level?
Yokly uses company-controlled devices, MFA, VPN, least-privilege access, and tier-based oversight controls designed to match the workflow and data sensitivity involved.
Do you use managed devices?
Yes. Yokly work is performed on company-managed devices with enforced security settings, encryption, and remote-wipe capability.
How do you handle access?
We use least-privilege access, MFA, and controlled provisioning. Access should be limited to the tools and folders needed for the approved workflow.
Do you work in the client's systems or your own tools?
Both models are supported. Client Stack Modemeans Yokly works in the client's tools and licenses. Yokly Toolkit Mode means Yokly provisions a standard toolkit we can train, support, and QA consistently. Basecamp is the operating hub unless otherwise approved in writing.
Client Stack Mode
Work in your tools and licenses
Yokly Toolkit Mode
Standard toolkit provisioned by Yokly
How do you handle different data sensitivities?
Yokly uses data levels from L0 to L3. Associate and Specialized Associate support up to L2. Managed Team supports L3 with stronger safeguards. For regulated healthcare workflows, PHI requires Managed Team plus an executed BAA before handling begins.
L0
Public
L1
Internal
L2
Client-Confidential
L3
Restricted
Tier mapping:Associate/Specialized Associate → up to L2 • Managed Team → L3 with safeguards
Do you use screenshots?
Associate and Specialized Associate use activity and time-log oversight without screenshots. Managed Team may use blurred screenshots and QA sampling where the workflow and controls require it.
Do you support incident response?
Yes. Yokly follows an incident-response process for detection, containment, notification, recovery, and post-mortem follow-up. If there is actual or suspected unauthorized access to client data, Yokly notifies the client within 72 hours of discovery and cooperates with investigation and mitigation.
Response path:
DetectContainNotifyRecoverPost-MortemCan you support regulated environments?
Yes, where the correct tier, approvals, and addenda are in place. Regulated data should not be handled before the appropriate agreement terms are executed.
Do you provide legal or compliance advice?
No. Yokly supports approved workflows and controls, but does not provide legal, tax, or medical advice.
Security at a glance
Key security controls that protect your operations
Managed Devices
Company-controlled with encryption and remote wipe
Access Control
MFA, least-privilege, and controlled provisioning
Tier-Based Oversight
Activity logs to blurred screenshots based on tier
Data Levels
L0–L3 categories matched to tier capabilities
Incident Response
72-hour notification with documented process
Secure by Default
Security built into operating model from day one
Need more security details?
For diligence materials, security whitepapers, or specific security questions from your IT or legal team
security@yokly.comRelated resources
Explore additional security and operational documentation
Trust and Security
Complete overview of security principles, data handling, and incident response.
View full security details →SLA & Policies Overview
Plain-English summary of service levels, continuity, and operational standards.
Read SLA overview →Ready to move forward?
Explore our full security documentation or book a call to discuss your specific requirements
