Technical and Organizational Measures for Data Protection
Defang Software Labs, Inc. is dedicated to protecting Customer Personal Data and ensuring compliance with all applicable data protection laws. We implement the following technical and organizational measures:
- Access Control
  - Limited Access: Access to Customer Personal Data is restricted to authorized Defang personnel who require it to perform their job functions.
  - Authentication: Secure authentication methods are used for system access; strong password policies and MFA are enforced.
- Data Encryption
  - In Transit: All Customer Personal Data transmitted over networks is encrypted using industry-standard protocols such as TLS/SSL.
  - At Rest: Where applicable, data stored on our systems is encrypted to prevent unauthorized access.
- Data Minimization and Pseudonymization
  - Minimal Collection: We collect only the personal data necessary to provide our services.
  - Pseudonymization: Personal data is pseudonymized or anonymized when full details are not essential.
- Employee Training and Confidentiality
  - Confidentiality Agreements: All employees sign confidentiality agreements as part of their employment terms.
  - Training: Employees receive training on data protection principles and are informed about their obligations under data protection laws.
- Data Retention and Deletion
  - Retention Policy: Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.
  - Secure Deletion: Upon request or termination of services, Customer Personal Data is securely deleted or returned.
- Third-Party Service Providers
  - Due Diligence: We carefully select third-party providers to ensure they meet adequate data protection standards.
  - Data Processing Agreements: Contracts with third parties include data protection clauses to safeguard Customer Personal Data.
- Physical and Environmental Security
  - Secure Hosting: Our systems are hosted on secure infrastructure with appropriate physical security controls, such as controlled access and environmental monitoring.
- Regular Review and Updates
  - Policy Review: We periodically review and update our data protection policies and procedures to ensure ongoing compliance and effectiveness.
  - Security Assessments: Regular assessments are conducted to identify and mitigate potential vulnerabilities.
- Accountability and Record-Keeping
  - Documentation: We maintain records of our data processing activities as required by applicable laws.
  - Compliance: Defang is committed to demonstrating compliance with data protection principles and regulatory requirements.
By implementing these measures, Defang aims to provide reasonable assistance to our customers in complying with their security obligations under applicable laws, taking into account the nature of our processing activities and the size of our organization.