Back to yoou.io

Trust

Security

Last updated: June 22, 2026

1. Account and access controls

yoou.io uses authenticated sessions, role-based admin access, password hashing, OAuth support, password reset token hashing, rate limiting, webhook checks, and abuse-prevention controls to protect accounts and product workflows.

2. Secret handling

User AI keys, platform AI keys, and payment secrets are encrypted at rest where stored by yoou.io. Secret previews show only partial identifiers. Secrets are never intentionally displayed again after storage.

3. Infrastructure

The application and market intelligence services are separated, use private networking where configured, and expose internal service endpoints only through authenticated internal routes. Production image storage should use configured object storage rather than local public files.

4. Responsible disclosure

If you believe you found a vulnerability, contact security@yoou.io with clear reproduction steps and do not access, modify, exfiltrate, or disrupt data you do not own. We do not currently operate a paid bug bounty program.