Yext Limited

Yext Search Experience Cloud

When people ask questions online, often they are left in the dark with wrong answers. Yext solves this problem by structuring an organisation’s facts so it can provide official answers, wherever people search: across search engines, voice assistants and the organisation's website. The US State Department and WHO trust Yext.

Features

  • Local search
  • Natural language processing
  • Landing pages
  • Digital knowledge management
  • Build website
  • Customer reviews
  • Analytics
  • Search engine optimisation (SEO)
  • Website search
  • Citations, listings

Benefits

  • Centralised platform, source of truth for organisation data
  • Answer customer questions from your website
  • Manage structured data on publisher network and website
  • Control landing pages
  • Direct integrations with digital services like Google, Amazon, Siri, etc.
  • Monitor and analyse reviews
  • Real-time analytics available in dashboard
  • Eliminate customer frustration from incorrect data
  • More clicks to website, more clicks to call
  • Accurate data on digital ecosystems like Google, Facebook, Alexa, etc..

Pricing

£100 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ssudhakar@yext.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 9 4 6 5 1 4 7 6 0 6 4 7 3 8

Contact

Yext Limited Sujith Sudhakar
Telephone: 07748752505
Email: ssudhakar@yext.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No. Planned maintenance occurs from 12 AM - 5 AM US EST on Sunday a maximum of 3 times per quarter.
System requirements
  • Internet service
  • Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Basic Support all questions are answered within 48 (business) hours, and with Premier support it is within 24 (business) hours.
Your assigned Client Success Manager is always available to chat and it is their goal to respond to any questions within 4 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We do not have a formal testing program as chat functionality is custom-scoped as per customer request.
Onsite support
Yes, at extra cost
Support levels
Basic Support is provided for every customer and is designed to speed up time-to-value to get you up and running with Yext. The Support team assists by answering functionality questions about the platform and by resolving technical issues that arise. Email support is available 8 hours a day, 5 days a week, in addition to 24/7 access to a library of self-serve training.

For increased support, Yext offers Premier services that include priority email/phone support, platform customisation, hands-on Listings support, Google account administration, and more. Our clients can work with Yext’s technical experts one-on-one for a custom-tailored solution to manage all facts about their brand.

Yext White Glove Services is a support partnership that is purpose-built for businesses that want to maximise the success of their program and provide field users with the expertise to optimise their digital presence with Yext. They will guide your managers through any questions they may have about the platform. The team will also offer strategic advice — highlighting new opportunities in the constantly-changing search ecosystem.

Yext will assign a Client Success Manager regardless of your support level, but a Designated Platform Expert (Technical Account Manager) is only included with the Premier Support package.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Yext works with each customer to ensure their data is collected internally and then, via dedicated support through an Implementation Manager and Client Success Manager, who walk you through the onboarding process. Historically, business/organisation data can be very fragmented, but Yext holds your hand through the entire onboarding process. Depending on how fragmented data is and which products you are implementing, onboarding times can vary. However, at the end of the process, your organisation will have a solution in place that can help to answer the complex questions your customers are asking.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Yext allows customers to export their data only while the contract is active.
End-of-contract process
If you wish to renew, we will create a new contract.

If you choose to deactivate your account, we will delete, block or anonymize your personal information so that it is no longer possible to identify you. We will retain your information for as long as your account is active or longer if needed to provide you services. After termination of the Master Agreement, Yext will, at your request, delete or return all Customer Personal Data, unless otherwise provided as per GDPR compliance, data will be deleted within 30 days of receiving a written request from the former customer to this effect.

All customers may download their data directly from the platform in any industry-standard format at anytime during their contract.

There is no charge for downloading your data.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Yext is agnostic to both mobile and desktop endpoints. All functionality is available for mobile and desktop service, however we recommend accessing Yext on the desktop for optimal user experience.
Service interface
Yes
Description of service interface
The Yext platform has a simple to use, web-based interface allowing users to easily manage the public facts about their organisation. Users can access Yext, using a login/password or SSO (aligned to SAML 2.0) with access aligned to specific roles and permissions.

There is an interface for Yext Pages that allows you to see all of your Pages in the Sites tab. No matter how many Templates you have, whether they be for locations, FAQs, etc. all of these Templates can be found in one place. We also have a dedicated Domains section for managing your domains.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Pages compliance is tested using a leading WCAG 2.1 Testing Tool (e.g., WAVE by WebAIM), or other tools as mutually agreed upon, to ensure that page templates do not contain accessibility errors, as identified by the testing tools. Compliance testing using a testing tool will be executed each time Yext makes a material change to the Client’s page template. One or more compiled pages will be generated using each modified template and current information stored within the Yext Knowledge Graph. These pages will be tested as representative samples of the pages maintained by Yext on the Client’s behalf. Manual testing for WCAG 2.1 level A or AA guidelines which are unable to be checked by the testing tool is executed at Yext’s discretion. Due to the subjective nature of guidelines that cannot be tested within the testing tool, Yext makes a best efforts attempt to maintain compliance. One or more compiled pages will be generated using each modified template and current information stored within the Yext Knowledge Graph. These pages will be manually tested as representative samples of the pages maintained by Yext on the Client’s behalf. We are fully WCAG 2.1 AA compliant for our consumer facing platform.
API
Yes
What users can and can't do using the API
Yext provides a REST Web Services Platform API with read/write access to all data. The Platform API is meant to provide system-to-system bi-directional data synchronisation at an hourly or daily interval. We additionally offer a REST Web Services Live API that provides highly-available, low-latency, read-only access to your data. For additional detail, please visit our developer API material: https://developer.yext.com/docs/api-reference/
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Custom entity types give you the full range of possibilities for answers to show up in all your owned search experiences, and you are able to create custom, purpose-built Schema.org markup for the Pages you build for Custom Entity Types. This new capability improves your eligibility for rich search results by structuring your data so search engines can easily understand your organisation. Custom entities allow you to store additional aspects of your brand in the Yext platform, as well as publish them to your Pages for increased discoverability. Each of these custom entity types can have its own set of fields so you can determine which facts to manage and store for each type.

Custom analytics are available where you can build custom or company-wide dashboards that show your choice of more than 40 hand-built insights and shareable to anyone in your organisation. You are able to build your own custom insights from data sources like the Google Search Console, Facebook Social Analytics, Google My Business, the Knowledge Network, and much more. Then, save those insights to any dashboard you’d like.

The user roles and permissions for Yext users can be flexible down to the feature, location, and even field.

Scaling

Independence of resources
On a monthly basis, Yext reviews critical capacity metrics to ensure that all systems are operating within normal parameters. Deviations result in a JIRA ticket to increase capacity. These critical capacity metrics include alert histories of alarms, bandwidth on network ingress and egress points, overall system utilisation on critical systems, storage utilisation and key application performance metrics.

Analytics

Service usage metrics
Yes
Metrics types
Determining an appropriate SLA requires understanding the nature of a particular business and risks associated with the solution we ultimately provide to that organisation. Yext will provide a SLA which sets forth its expected levels of performance and details Yext's corrective actions during contract negotiations. Yext provides a target uptime of 99% for consumer-facing services such as Pages and Answers. The core platform has a target availability of 98% (not including planned maintenance, 12 AM - 5 AM US EST on Sunday, maximum 3 times per quarter). Information on outages, degradations to services, and other impacts are accessible here: https://www.yexttrust.com/
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Yext allows customers to export their data in a number of industry-standard formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • API
  • Secure FTP
  • ETL
Data import formats
  • CSV
  • Other
Other data import formats
  • API
  • Secure FTP
  • ETL

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Determining an appropriate SLA requires understanding the nature of a particular business and the risk associated with the solution we ultimately provide to that business. This being said Yext will provide its Service Level Agreement which sets forth its expected levels of performance and details Yext's corrective actions taken in such circumstances during contract negotiations. Yext provides a target uptime of 99% for consumer-facing services such as Pages and Answers. The core platform has a target availability of 98% (not including planned maintenance from 12 AM - 5 AM US EST on Sunday a maximum of 3 times per quarter). For existing clients that use our Pages and Answers we have maintained 100% uptime almost every month, only dipping to 99.9% occasionally. Yext also maintains a "trust" site that offers information on outages, degradations to services, and other impacts that can be accessed here: https://www.yexttrust.com/
Approach to resilience
From an application availability standpoint, we provide redundancy at all levels of our infrastructure. Our network has a high-availability architecture which can seamlessly handle equipment or ISP failures. Core infrastructure services such as DNS also have automated failover capabilities. Our applications run in a service-oriented architecture, in which all services run multiple copies in parallel and can dynamically respond to service failure.

In the event of a catastrophic (data-center level) failure, we have a disaster recovery plan which enables our services to run in our backup data center, located 1300 miles away from the primary (failed) data center.

Environmental controls such as fire detection and suppression systems, air conditioning and humidity monitoring systems, UPS units, and generators are in place.
Outage reporting
The Incident Commander puts together the initial incident summary and posts the “Initial Post” template to the Trust Site. The Trust Site is a separate website from Yext’s environment to provide real time 24x7 updates to the internal and external system users about the availability of the system. If an outage impacting event occurs such as a breach, the Incident Commander sends a text message or email to the Incident Response Team. The Incident Response Team will agree on the appropriate post incident communication process including determining if communication to customers is necessary.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Authentication is provided by username and password (or via SAML2.0, if configured). In the case of SAML, the authentication is verified by a pre-configured third party of the customer's choosing. In the case of username/password, the hashed combination is sent via TLS to our systems and compared to a hash stored on our end. In both cases, a successful authentication will provide the user's browser with an encrypted cookie that permits further access. All access attempts are logged.
Access restrictions in management interfaces and support channels
Access to systems is limited to defined roles based on job function through the use of Least Privileged Access. Sessions are bound to specific users with a defined level of access. Passwords are hashed and salted in the traditional model with complexity requirements in place. Authentication is provided by username and password (or via SAML2.0). With username/password verification, the hashed combination is sent via TLS to our systems and compared to a hash stored on our end. In both cases, a successful authentication will provide the user's browser with an encrypted cookie permitting further access. All access attempts are logged.
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
PCI Security Standards Council
PCI DSS accreditation date
26/07/2019
What the PCI DSS doesn’t cover
Yext is PCI DSS 3.2 compliant.
Other security certifications
Yes
Any other security certifications
  • SOC2 Type II
  • PCI DSS 3.2
  • GDPR
  • EU-US Privacy Shield

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Yext has passed a SOC 2 Type II audit, audited by Ernst & Young. Yext is also certified for PCI and compliant with EU-US Privacy Shield. Yext has defined its Information Security Management System and aligned with ISO 27000 series standards.
Information security policies and processes
Below lists the Information Security policies and procedures that Yext maintains internally.

● Holistic Information Security
● Data Classification
● Removable Media
● Security Incident Management
● Backup
● Communication of System Changes
● Cloud Storage
● Clean Desk
● Encryption
● Log Management and Monitoring
● Code Change Management
● IT Asset Management
● Vulnerability Management
● Business Continuity Plan
● Anti-Phishing
● Security Training and Awareness
● Engineering Major Incident Response Process
● Physical Security Guidelines
● Incident Response Plan
● Service Account Management
● Technology Org Risk Assessment Procedures
● User Access Management

Security policies apply to all Yext management, and employees. Compliance with all security policies, data classification policies and associated standards is mandatory. Additionally, management applies provisions to agreements and contracts with business partners and service providers reflecting appropriate elements of these policies. Failure to comply with these policies may result in disciplinary or other adverse actions, including where appropriate, termination of employment or business relationships.

We do annual EMR exercises that are shared with the executive staff, and quarterly information security risk reviews with the Information Security Oversight Council, which includes Yext's CIO, General Council, Head of HR, and Head of Internal Audit.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Yext has designed change management procedures to provide a comprehensive process in which changes to Yext’s system are requested and approved prior to the installation or implementation of the change. System changes include:
Development
Infrastructure
Publisher
Components
Requirements
Changes are tested in the lower environment prior to being promoted to production. Code changes are peer reviewed and validated.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Yext has developed a process in which internal systems are scanned on a rotational basis. Weekly internal scans are performed with the vulnerability management tool and the results are reviewed by the information security team. Our external services are scanned routinely by TrustWave for PCI-related vulnerabilities. Our source code is also scanned and processed by Blackduck and Coverity. Critical and high vulnerabilities are remediated within 72 hours. Medium vulnerabilities are remediated within 7 days.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Yext monitors activity within the corporate and production environment. We utilise multiple monitoring systems, including Nagios, Graphite, LightStep, Sentry, Monitis and a host of custom enhancements to provide a holistic understanding of how our systems are performing. Security logs are reviewed monthly.
- Server Operating Systems
- Database Audit
- Firewall and Switch
- IDS
- HIDS
- Anti-virus
If a potential security violation exists, the Information Security team documents the findings, investigates the incident, informs relevant external parties and oversees the resolution. The Information Security team reviews logs to verify they are monitored, and appropriate follow-up action is taken.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Vulnerabilities of system components to security, availability, confidentiality breaches and incidents due to malicious acts, natural disasters, or errors are identified, monitored, and evaluated. Countermeasures are designed, implemented, and operated to compensate for known and newly identified vulnerabilities. Security, and confidentiality incidents are reported and acted on in accordance with established procedures. The Security Incident and Response Policy has defined protocols for evaluating reported events. Incidents are documented and tracked through resolution.

In case of a Personal Data Breach which may affect Customer Personal Data, Yext will notify the relevant Controller without undue delay after becoming aware of the breach.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£100 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Yext offers a 3 month trial of our Answers product. Yext Answers is a site search solution that understands natural language queries and returns direct answers that are optimised for conversion. This instance covers up to 3 entity types and 1,000 total entities surfaced, such as FAQs, locations, etc.
Link to free trial
To be provided separately.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ssudhakar@yext.com. Tell them what format you need. It will help if you say what assistive technology you use.