Last updated: May 2026 (pending legal final review)
01
Encryption
End-to-end TLS 1.2+ in transit; AES-256 encryption at rest.
Least-privilege; full admin action audit; SSO and MFA supported.
Multi-tenant logical isolation; daily offsite backups for critical data.
24/7 security monitoring and alerting; regular vulnerability scans and pentests.
05
Compliance
Compliant with PRC Personal Information Protection Law, Data Security Law and related regulations.
Documented incident response. Reportable incidents are disclosed to affected users and regulators within 72 hours per law.
Working towards ISO/IEC 27001, SOC 2 and industry certifications.