Trust Center

Start your security review

View & download sensitive information

Ask for information

Overview

Welcome to the Yext Trust Center – your gateway to understanding our commitment to data security, privacy, and compliance. In this page, you can access our compliance documentation, find answers to frequently asked questions about security and privacy, and learn about our security practices.

We prioritize transparency and strive to build trust with our customers. This portal is designed to provide the information and assurance you need to feel confident in our ability to protect your data and safeguard underlying assets.

Compliance

Documents

Featured Documents

COMPLIANCEPCI DSS

COMPLIANCESOC 2

PRODUCT SECURITYProduct Architecture

CORPORATE SECURITYPenetration Testing

Infrastructure

Status Monitoring

Data Center

Cloud Hosting

Risk Profile

Data Access LevelPublic

Impact LevelModerate

Recovery Time Objective24 hours

Product Security

Audit Logging

Data Security

Integrations

Reports

Network Diagram

Pentest Report

Policies

Acceptable Use Policy

Access Control Policy

Asset Management Policy

App Security

Responsible Disclosure

Bot Detection

Code Analysis

AI

AI Training Data

AI Security

AI Monitoring

ESG

Anti-Bribery and Corruption

Anti-Modern Slavery

Code of Ethics

Legal

Subprocessors

Customer Audit Rights

Cyber Insurance

Data Privacy

Data Breach Notifications

Employee Training

Access Control

Access Log Management

Automated Account Management

Data Access

Corporate Security

Asset Management Practices

Employee Handbook

Employee Training

Security Grades

Qualys SSL Labs

https://www.yext.com/

A+

Incident Response

Pager Service

Security Operations Center (SOC)

BC/DR

Alternate Processing/Storage Site

Business Continuity Plan (BCP)

Contingency Plan Testing/Lessons Learned

Training

Employee Training

Phishing Training

Secure Development Training

Physical & Environment

Access Monitoring

Alarms & Surveillance

Delivery & Loading Zones

Trust Center Updates

npm Supply Chain Attack "Shai-Hulud"

Copy link

General

A new npm supply chain attack, referred to as “Shai Hulud”, has been reported in the security community. This incident involves the publication of malicious versions of specific npm packages to the ecosystem.

At this time, Yext has not identified any impact on our systems or services. We are continuing to monitor the situation closely and will take immediate action if new information becomes available.

What you should know about this incident:

The attack involves a self-replicating worm that spreads through npm packages.

Its goal is to compromise downstream applications through malicious package versions.

The issue is industry-wide and not specific to Yext.

If you have questions, please get in touch with us at security@yext.com.

Important Security Notice: Protect Yourself from Impersonation & Phone Scams

Copy link

General

There's an important security issue we want to bring to your attention. We've recently noticed a surge in impersonation, email phishing, and phone spoofing attacks that involve our company name and contact numbers.

In these attacks, bad actors:

Send emails or messages pretending to be from Yext HR, Finance, or other teams
Call from phone numbers that appear to be Yext numbers (caller ID spoofing)
Ask recipients to share sensitive information or send payments

These communications are fraudulent and are not coming from Yext.

If you get a fraudulent communication, please forward it to security@yext.com. If you have already interacted with one, contact your internal IT team and ask them to escalate the incident to us.

If you need help using this Trust Center, please contact us.

Contact support

If you think you may have discovered a vulnerability, please send us a note.

Report issue