Legal

Data Security

Our commitments and controls for data security and compliance.

Last updated: May 2026 (pending legal final review)

End-to-end TLS 1.2+ in transit; AES-256 encryption at rest.

Least-privilege; full admin action audit; SSO and MFA supported.

Multi-tenant logical isolation; daily offsite backups for critical data.

24/7 security monitoring and alerting; regular vulnerability scans and pentests.

Compliant with PRC Personal Information Protection Law, Data Security Law and related regulations.

Documented incident response. Reportable incidents are disclosed to affected users and regulators within 72 hours per law.

Working towards ISO/IEC 27001, SOC 2 and industry certifications.