Security & Compliance

Effective date: Jan 15, 2026

Introduction

To ensure user data and service security, Tezign has established a full-link security system covering SLA availability, data security, compliance certification, and privacy protection:

I. SLA & Availability Assurance

• Service availability commitment reaches 99.9%, providing 7×24 hour response support, and establishing a 'tiered response mechanism' for business-level faults;

• Service stability is guaranteed through technologies such as global CDN acceleration and disaster recovery clusters, supporting concurrent access for 100,000-level users;

• Deploy global monitoring nodes, combined with alarm schemes and performance monitoring systems, to achieve real-time tracking of service status.

II. Data Security Assurance

1. Data Encryption: Implement data encryption based on Aliyun KMS capabilities, support multi-tenant data isolation, and ensure transmission security through TLS/SSL protocols;

2. Data Backup: Adopt full + incremental backup mechanisms, multi-copy distributed storage, and off-site disaster recovery to ensure rapid recovery in case of data center abnormalities;

3. Security Penetration: Conduct penetration testing in conjunction with third-party security platforms, establish a secure development lifecycle process, and avoid vulnerability launches;

4. Internal Risk Control: Follow international standards such as ISO27001, achieve separation of development, operation and maintenance, and DBA permissions, ensure full auditability of operations, and meet compliance traceability requirements.

III. Compliance Certification

Tezign has passed multiple authoritative security certifications, covering information security, cloud services, quality management, and other fields:

• SOC2 type 1 Independent Security Audit

• ISO27001 Information Security Management Standard

• ISO27017 Cloud Service Information Security Management System

• Information System Security Level Protection (Level 3)

• ISO9001 Quality Management System

• GB/T29490 Intellectual Property Compliance Management System

• Generative AI Service Compliance (Large Model Filing + Algorithm Filing)

IV. Privacy Protection

1. Data Collection: Principle of Minimum Necessity

Only collect the minimum information required for business development, do not collect user behavior trajectories or sensitive personal content (such as ID numbers, bank card numbers, etc.) through Cookies, burying points, etc.; explicitly inform users of the purpose before collection and obtain user express consent.

2. Data Processing: Strict Compliance Control

Strictly respect users' ownership and control over their data, do not use user data for any unauthorized scenarios; users can apply to access, modify, supplement, or delete their own data at any time through official service channels (including platform backend function entrances, customer service hotlines, compliance consultation emails).