Trust Center - Security & Compliance

Enterprise-grade security and compliance are the foundation of Valiyou’s sponsorship management platform, protecting your sensitive sponsorship data with industry-leading standards. Our Trust Center provides complete transparency into our security measures, compliance certifications (ISO 27001, GDPR, SOC 2), data protection protocols, and privacy commitments. Whether you’re managing sponsorship valuations for a small club or a global sports organization, we maintain the highest standards of data security and regulatory compliance to protect your business-critical information.

Security & Compliance

Valiyou is committed to protecting your data with industry-leading security measures and compliance standards.

ISO 27001 Certified

Information security management system certified to international standards

GDPR Compliant

Full compliance with EU General Data Protection Regulation

Enterprise SSO

Single Sign-On support for enterprise authentication

Data Privacy

We never sell your data - your information stays private and secure

What We Protect

Your Data Security

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control with granular permissions
  • Audit Logs: Complete audit trail of all data access and modifications
  • Backups: Daily automated backups with point-in-time recovery
  • Infrastructure: Hosted on secure cloud infrastructure (Vercel, Supabase)

Privacy Commitment

  • No Data Selling: We never sell or share your data with third parties
  • Data Ownership: You own your data and can export or delete it at any time
  • Minimal Collection: We only collect data necessary to provide our services
  • Transparent Processing: Clear documentation of how we process your data

Compliance Standards

  • ISO 27001: Information Security Management certified
  • GDPR: Full compliance with EU data protection requirements
  • Data Processing Agreement: Available for enterprise customers
  • Regular Audits: Third-party security audits and penetration testing

Enterprise Features

Single Sign-On (SSO)

Enterprise customers can enable SSO for centralized authentication:
  • SAML 2.0 support
  • OAuth 2.0 / OpenID Connect
  • Integration with Azure AD, Okta, Google Workspace
  • Automated user provisioning

Advanced Security

  • IP Whitelisting: Restrict access to specific IP ranges
  • 2FA Enforcement: Require two-factor authentication for all team members
  • Session Management: Control session timeouts and concurrent sessions
  • API Security: Secure API access with key-based authentication

Compliance Documentation

Need compliance documentation for your organization?
  • Security Questionnaires: Contact us for completed security questionnaires
  • Data Processing Agreement (DPA): Available for enterprise customers
  • SOC 2 Type II: Report available upon request
  • Penetration Test Reports: Available for enterprise customers

Contact Security Team

For security-related questions or to report a vulnerability:

Security Contact

Email: security@valiyou.com
We take security seriously and respond to all reports within 24 hours.
Report Security Vulnerabilities Responsibly: If you discover a security vulnerability, please report it privately to security@valiyou.com rather than publicly disclosing it. We appreciate responsible disclosure.

Support

For general support questions, contact:

Customer Support

Email: support@valiyou.com
Our support team is available Monday-Friday, 9 AM - 5 PM CET.

Frequently Asked Questions

Yes, Valiyou is fully GDPR (General Data Protection Regulation) compliant, which means we adhere to strict EU data protection requirements. This includes transparent data processing, the right to access and delete your data, data portability, breach notification within 72 hours, and privacy by design. You maintain complete ownership of your sponsorship data and can export or delete it at any time. We only collect data necessary to provide our services, never sell your information to third parties, and provide clear documentation on how we process your data. Enterprise customers can request a Data Processing Agreement (DPA) for their compliance requirements.
Valiyou uses industry-standard encryption to protect your data both in transit and at rest. All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security), the latest and most secure protocol. Data stored in our databases is encrypted at rest using AES-256 encryption, the same standard used by banks and government agencies. Additionally, we implement encrypted backups, secure key management, and regular security audits to ensure your sponsorship valuations, sponsor information, and financial data remain completely protected from unauthorized access.
Valiyou implements comprehensive backup and disaster recovery procedures to ensure your data is never lost. We perform daily automated backups with point-in-time recovery capabilities, allowing us to restore your data to any specific moment. Backups are encrypted, geographically distributed across multiple data centers, and tested regularly for integrity. Our infrastructure is hosted on enterprise-grade cloud platforms (Vercel, Supabase) with 99.9% uptime guarantees. In the unlikely event of a system failure, our disaster recovery procedures can restore full service within hours, with recovery point objectives (RPO) of less than 24 hours and recovery time objectives (RTO) of less than 4 hours.
ISO 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). Valiyou’s ISO 27001 certification means we have implemented and maintain comprehensive security controls covering physical security, access management, encryption, incident response, business continuity, and regular risk assessments. This certification is awarded after rigorous third-party audits and requires continuous compliance monitoring. For you, this means your sponsorship data is protected by systematically managed security processes that meet global best practices, not just ad-hoc security measures. ISO 27001 is particularly important for enterprise customers who need to demonstrate vendor security compliance to their own auditors and stakeholders.
Yes, Valiyou maintains SOC 2 Type II compliance and reports are available upon request for enterprise customers and those undergoing vendor security assessments. SOC 2 Type II is an auditing standard that evaluates our security, availability, processing integrity, confidentiality, and privacy controls over a minimum six-month period. Unlike SOC 2 Type I (which evaluates design), Type II examines whether controls are actually operating effectively over time. To request our SOC 2 Type II report, contact security@valiyou.com with your company information and intended use. Reports are shared under NDA and typically processed within 2-3 business days.
Single Sign-On (SSO) significantly enhances security by centralizing authentication through your existing identity provider (Azure AD, Okta, Google Workspace). Benefits include: eliminating password reuse across systems, enforcing your organization’s password policies and multi-factor authentication requirements, enabling immediate access revocation when employees leave, providing centralized audit logs of user access, reducing phishing risks through federated authentication, and simplifying user onboarding and offboarding. SSO is available on Valiyou’s Enterprise plan and supports SAML 2.0 and OAuth 2.0/OpenID Connect protocols. We can also enable automated user provisioning (SCIM) to sync your directory changes automatically.
Data ownership and portability are core principles at Valiyou. If you cancel your subscription, you retain complete ownership of your data and have several options: 1) Export all your data using our CSV and API export features before cancellation, 2) Request a complete data package from our support team, 3) Maintain read-only access for 30 days after cancellation to facilitate data migration. After 30 days, your data enters a 60-day retention period where it can be restored if you reactivate your subscription. After 90 days total, all data is permanently and securely deleted from our systems. Enterprise customers can negotiate custom data retention terms in their contracts.
Valiyou implements multiple layers of security to prevent unauthorized access: Role-based access control (RBAC) with granular permissions, row-level security (RLS) ensuring users only see their authorized data, mandatory two-factor authentication (2FA) for sensitive operations, IP whitelisting for enterprise customers, session management with automatic timeouts, API key-based authentication with rate limiting, intrusion detection and prevention systems, regular penetration testing by third-party security firms, and 24/7 security monitoring. All access attempts are logged in our immutable audit trail. In the unlikely event of a security incident, we have an incident response plan and comply with GDPR’s 72-hour breach notification requirement.
Yes, Valiyou’s compliance framework supports various industry requirements beyond general data protection. For sports organizations, this includes: Financial data handling for sponsorship valuations and contracts, personally identifiable information (PII) protection for sponsor contacts and team members, intellectual property protection for brand assets and marketing materials, audit trail requirements for financial reporting, international data transfer compliance for global organizations, and integration with enterprise compliance systems. Our infrastructure meets requirements for SOX compliance (financial controls), PCI DSS considerations (payment data handling through third-party processors), and regional regulations like CCPA (California), LGPD (Brazil), and PIPEDA (Canada). Contact our compliance team for specific regulatory requirement discussions.
Transparency is fundamental to our trust model. You can verify our security posture through several channels: 1) Request our SOC 2 Type II report for detailed audit findings, 2) Review our ISO 27001 certification certificate (available upon request), 3) Contact our security team (security@valiyou.com) for completed security questionnaires or custom assessments, 4) Request penetration testing reports from our annual third-party security audits, 5) Review our public-facing security documentation at valiyou.io/trust-center, 6) Schedule a security call with our team to discuss specific concerns or requirements. For enterprise customers, we can provide additional documentation including Data Processing Agreements (DPA), Business Continuity Plans (BCP), and Disaster Recovery Plans (DRP).

Learn More

Visit our full Trust Center for detailed information:

Visit Trust Center

Explore our complete security and compliance documentation