Data Compliance
China's PIPL, EU GDPR, enterprise security standards — built into the architecture from day one.
Each pillar maps to verifiable engineering practice — not just slideware.
TLS 1.3 in transit · AES-256 at rest · sensitive fields (tokens, contact info) redacted via pino · backups encrypted with separate keys.
Only required fields are collected. AI context injection narrows by contextType. Users can hide specific fields from AI (shareWithAi boundary).
PostgreSQL deployed in mainland China. Backups stay in-country. Overseas user data uses GDPR-compliant cross-border channels.
AuditLog persists every sensitive operation (permission change, order change, data export) forever. Routine operations have a 90-day TTL, then are archived (not deleted).
25 roles + 91 permissions RBAC · Scope 3-tier isolation (global / org / personal) · 67 admin sub-modules permission-gated.
Overseas customer data follows GDPR Standard Contractual Clauses (SCC). Users can request data export and deletion (GDPR Article 17).
We reference major domestic and international privacy + security frameworks. Detailed mapping is in the DPA.
China
PIPL · Data Security Law · Cybersecurity Law · ICP Filing
EU / Global
GDPR (SCC cross-border) · ePrivacy · Cookie consent
Security
OWASP Top 10 · CIS Benchmark · continuous audit, 0 high-severity CVEs
Reference these when signing contracts or running legal review.
Data collection, use, user rights, cookie handling
Legal agreement between user and platform · SLA · responsibility boundary
Cookie types, purpose, consent, opt-out path
B2B contract addendum · processor obligations · cross-border SCC clauses
Data subject requests (export / delete), compliance enquiries, enterprise RFP security questionnaires
Email · Privacy / Legal: privacy@expomate.cn