Security overview

Built on the official Meta Cloud API.

No unofficial bridges, no reverse-engineered protocols. Encryption at rest and in transit, per-tenant isolation, and a clean way out whenever you want it.

Encryption at rest

Meta access tokens, payment credentials, and other tenant secrets are encrypted with AES-256-GCM envelope encryption. Keys are rotated and never stored alongside the data they protect.

Encryption in transit

TLS 1.3 on every endpoint via Cloudflare. No traffic between your browser, our services, and Meta travels unencrypted.

Per-tenant isolation

Every workspace is logically isolated. One tenant can never read another tenant's conversations, contacts, or credentials.

PCI-secured payments

Razorpay and Stripe (both PCI DSS Level 1) process every card. YinPsi servers never see or store card data.

DPDP-aligned handling

Data handling is aligned with India's Digital Personal Data Protection Act — consent, purpose limitation, and the right to access and delete.

Your data, your exit

Export everything via API at any time. Delete your workspace and the underlying data is removed within 30 days.

Compliance roadmap

YinPsi is independently auditable today. SOC 2 Type II is on our 12-month roadmap. For DPA requests, data residency options (IN / EU / US), audit-log export, or a security questionnaire, email security@yinpsi.com.

Found a vulnerability? Responsible disclosure to security@yinpsi.com is always welcome and always credited.