Security at YourLio AI

YourLio AI runs on enterprise-grade cloud infrastructure with high-availability architecture. Our systems are designed with redundancy at every layer to ensure uptime and reliability for your storefront.

• Cloud-hosted on AWS with multi-region redundancy
• Auto-scaling infrastructure to handle traffic spikes during flash sales and promotions
• Automated backups with point-in-time recovery
• 99.9% uptime SLA for all production services

All data processed by YourLio AI is encrypted both in transit and at rest using industry-standard protocols.

• TLS 1.2+ for all data in transit -API calls, webhook payloads, and chat sessions
• AES-256 encryption for data at rest across all storage layers
• Shopify API credentials and third-party tokens stored in encrypted vaults, never in plaintext
• Encryption keys are rotated on a regular schedule

We enforce strict least-privilege access across our entire organization and infrastructure.

• Role-based access control (RBAC) for all internal systems
• Multi-factor authentication required for every team member
• Client data is logically isolated -no cross-tenant access is possible
• Access to production systems is logged and audited
• Third-party integrations (Shopify, Meta) use scoped OAuth tokens with minimum required permissions

Your data belongs to you. Period.

• Brand clients own 100% of their customer data, conversation transcripts, and any outputs generated by YourLio AI
• YourLio AI acts as a data processor -we process your data only to deliver the agreed services
• We never use your data to train models for other clients or any third party
• On termination, we return or securely destroy all client data within 30 days of a written request

We work with a limited number of vetted sub-processors to deliver our services. Each is bound by data processing agreements with confidentiality and security obligations no less protective than our own.

We notify clients before adding new sub-processors that handle personal data.

We maintain a documented incident response plan to detect, contain, and resolve security events quickly.

• 24/7 automated monitoring and alerting across all production systems
• Defined escalation paths with clear ownership for critical, high, medium, and low severity incidents
• Affected clients are notified within 72 hours of a confirmed data breach, as required by applicable law
• Post-incident reviews are conducted for every significant event with findings documented and acted on

AI agents deployed by YourLio are designed with guardrails to ensure they operate safely and within the boundaries set by each brand.

• Each brand gets its own fine-tuned AI model -no shared instances, no data mixing between clients
• AI responses are grounded in the brand's product catalog, policies, and knowledge base -not open-ended generation
• Human handoff is triggered automatically when the AI detects edge cases, sensitive topics, or low-confidence scenarios
• Brand owners can review, override, and refine AI behaviour at any time through the dashboard
• AI outputs are probabilistic -clients are advised to validate any business-critical decisions independently

Report a Vulnerability

If you've found a security vulnerability or have concerns about the security of our platform, we want to hear from you. Please report it responsibly.