初七云

CqCloud-初七云

初七云在区块链上发布的协议以及文章
github
首页归档用户协议产品协议

How we protect your data security

41
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
In the current digital age, data has become a core asset for businesses, driving growth and innovation. IDC plays a crucial role in data security, which directly impacts a company's success. Data security is prioritized to ensure user confidence. Key measures include: - **User Information Security**: Addressing issues like data breaches and unauthorized access, particularly from internet vendors and potential collusion. - **Security Measures**: Implementing WAF to block unauthorized access, using IDS for data protection, and requiring MFA for employee access. Data is encrypted and stored securely, with traceable operations. - **Transmission Security**: Utilizing ECC certificates and SSL encryption for secure data transfer. - **Regular Maintenance**: Monitoring logs from WAF and servers to ensure comprehensive oversight. - **Data Sovereignty**: Users can manage their accounts, and there is a secure process for data deletion upon account termination. - **Judicial Compliance**: The company adheres to legal requests for data, ensuring verification and documentation to prevent leaks. - **Transparency Reports**: Regular updates on security efforts and government data requests are provided. - **Incident Response**: In case of a data breach, an emergency response will be activated, with notifications sent to affected users within specified timeframes, following legal requirements for transparency throughout the process. Overall, the company emphasizes a strong commitment to data security and user trust.

In the current wave of digitalization, data has become the core asset of enterprises and is the key force driving business development and innovation breakthroughs. As the "big steward" of data, IDC's security protection capabilities directly relate to the rise and fall of enterprises.

We believe that data security is the premise for users to feel at ease, so we regard user data security as our most important task.

User Information Security#

User Real Name Data Security#

Currently, data breaches and leaks are prevalent online, largely due to security issues from internet vendors or inaction within government agencies, or collusion between internal and external parties.

Initial Seven Cloud's Security Measures#

Initial Seven Cloud has directly prohibited access to related paths at the WAF layer for critical business nodes. To ensure that the origin site is not scanned or exposed to risks, we block requests that do not come from the cloud's extreme subsidiary, Initial Star Security. At the origin site, we utilize an IDS system and allow internal network access to ensure data security.

At the same time, we encrypt the retained data and store it on our various core servers. Access to materials can only be obtained through our barrier machine, and every operation can be traced and tracked. Our employees' access requires MFA authentication, and our partners under the group use RBAC and the principle of least privilege to ensure no overreach.

For transport layer security, we use ECC certificates for encryption, and the nodes to the origin server cluster also use our SSL encryption to achieve end-to-end security.

We conduct regular maintenance, proactively observe and analyze logs, and comprehensively monitor business logs from the WAF and origin server cluster to ensure that no details are overlooked.

Regarding data backup, we regularly compress and encrypt the business database and origin server, saving it to our partners' storage buckets, and choose multiple partners for storage.

Data Sovereignty#

We respect your data sovereignty; therefore, we allow you to manage your account. However, we need to ensure that we have verifiable evidence when judicial authorities request it. We have a secure data destruction process. If you choose to delete your account in advance, after we process it, we will deactivate your account, and after 90 calendar days, we will permanently remove your account from our database.

Regarding Judicial Transfer#

We are a law-abiding Chinese company. When judicial authorities request data retrieval, we will retain relevant materials after verification by no fewer than two employees and transfer relevant cloud product logs and user information through appropriate means, requesting a return receipt to avoid material leaks due to non-compliance.

Transparency Report#

We will regularly disclose our security reports and the efforts we make for your data security, as well as disclose data requests from the government.

Data security is not absolute; there are certainly individuals with technology far beyond ours. In extreme cases, if we unfortunately discover a data leak, we will immediately activate our emergency response mechanism and send a warning notification to you through your reserved contact information within 24 hours of confirmation, providing a written explanation within 72 hours that includes event details, impact scope, response measures, and recommended protective steps. Our response process strictly follows the requirements of applicable laws and regulations such as the Cybersecurity Law and GDPR, and we commit to maintaining transparent communication throughout the handling process, timely updating progress until the incident is fully resolved. You can check the status of the incident handling at any time through designated channels.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.