Security & Privacy
At YOOM Digital Agency, protecting the data we handle is a core part of how we work — not an afterthought. This page outlines our approach to security and privacy across our website and operations.
Secure Hosting
Our website is hosted on Vercel, a leading cloud platform with enterprise-grade infrastructure. All traffic to yoomdigital.com is encrypted in transit using TLS (HTTPS). Vercel provides automatic SSL certificate management, edge distribution, and DDoS protection.
Encryption
- In transit: All data transmitted between your browser and our website is encrypted using TLS 1.2+
- At rest: Data stored by our service providers (Vercel, Google Analytics, Formspree) is encrypted at rest according to their respective security practices
Access Controls
Access to our website administration, analytics, and service provider accounts is restricted to authorised team members only. We use strong, unique credentials and enable multi-factor authentication where available.
Data Minimisation
We only collect the data we need. Our contact form asks for the minimum information required to respond to your enquiry. We do not require account creation or collect data beyond what is necessary for the stated purpose.
Vendor Management
We work with a small number of trusted service providers, each chosen for their security standards and compliance posture:
- Vercel — Website hosting (SOC 2 Type II compliant)
- Google Analytics — Website analytics (IP anonymisation enabled, consent-gated)
- Formspree — Contact form processing
We do not use marketing pixels, session replay tools, or third-party advertising trackers.
Consent-Based Analytics
Google Analytics only loads after you give explicit consent through our cookie banner. If you reject analytics cookies, no tracking scripts are loaded and no analytics data is collected from your visit.
Security Headers
Our website implements security headers including:
- X-Frame-Options: SAMEORIGIN — prevents clickjacking
- Referrer-Policy: Controls referrer information in navigation
- Permissions-Policy: Restricts access to device APIs (camera, microphone, geolocation)
Retention Discipline
We do not keep data longer than needed. Contact form submissions are retained for a limited period, server logs are rotated regularly, and analytics data follows Google's configured retention windows. See our Privacy Policy for specific periods.
Incident Response
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within the timeframes required by the GDPR. Where required, we will also notify affected individuals directly.
Responsible Disclosure
If you discover a security vulnerability on our website, we would appreciate your help in disclosing it responsibly. Please contact us at contact@yoomdigital.com with details. We will investigate promptly and work to resolve valid issues.
Related Pages
Privacy Policy · Cookie Policy · Privacy Rights · Terms of Use
The difference
Why Yoom
Most agencies still focus on websites and traditional SEO. YOOM Digital Agency is built for what's next.
Built for AI search from day one
Most agencies built their practice on traditional rankings and retrofitted AI as an add-on. We started with the question: how do AI systems discover and recommend businesses?
We test what we teach
Every framework we apply has been tested on real deployments. We submit queries to ChatGPT, Gemini, and Perplexity, track which sources are cited, and reverse-engineer the patterns.
We explain the work
We publish the methodology behind every engagement. Our guides on GEO, AEO, and schema are available for anyone - because visibility should be accessible, not locked behind jargon.
Strategy, not just execution
We advise on content architecture, entity positioning, and AI citation strategy with the same depth as an in-house strategist - at a fraction of the cost.