Platform Security

GDPR Compliant

Full compliance with the EU General Data Protection Regulation. We ensure complete data portability, the right to be forgotten, and transparent data processing across all operations.

No Third-Party AI

All AI capabilities are built on our proprietary models, hosted exclusively on our own servers. Your data never passes through third-party AI services, ensuring complete confidentiality.

Data Encryption

Industry-standard AES-256 encryption protects all data at rest. All data in transit is secured with TLS 1.2 or higher, ensuring end-to-end protection for every interaction.

Secure Infrastructure

Our infrastructure is monitored 24/7 with automated threat detection. Regular backups and full redundancy ensure your data is always available and protected against any disruption.

Access Control

Granular role-based permissions ensure users only access what they need. Multi-factor authentication (MFA) adds an additional layer of security for all accounts.

SSO & Integration

Enterprise single sign-on support with SAML 2.0 and OAuth. Secure API endpoints with token-based authentication for seamless integration with your existing systems.

Data Sovereignty

Your Data, Your Control

Proprietary AI Models

All AI models are developed and maintained in-house. No client data is ever sent to external AI providers such as OpenAI, Google, or any other third-party service.

Data Residency

Choose where your data is stored. We offer data residency options in the EU and China to meet your regulatory requirements and internal policies.

No Model Training

Your data is never used to train our AI models or any third-party models. Client data remains strictly siloed and is used solely for delivering your platform experience.

Regular Backups

Automated daily backups with point-in-time recovery. All backups are encrypted and stored in geographically separate locations for maximum resilience.

FAQ

Security Questions & Answers

Where is my data stored?
Your data is stored in secure, certified data centres within the EU by default. For clients operating in China, we maintain a separate compliant infrastructure within the country. You can choose your data residency region based on your regulatory and operational requirements.
Does ToldUntold use third-party AI?
No. All AI capabilities on the ToldUntold platform are powered by our proprietary models, developed and hosted entirely on our own infrastructure. Your data is never sent to OpenAI, Google, or any other external AI provider.
What encryption standards do you use?
All data at rest is protected with AES-256 encryption, the same standard used by financial institutions and government agencies. All data in transit is secured with TLS 1.2 or higher, ensuring end-to-end protection for every request and response.
How do you control access to my data?
We implement strict role-based access controls (RBAC) following the principle of least privilege. Every user and administrator only has access to the data and functions required for their role. Multi-factor authentication (MFA) is enforced for all accounts.
Do you conduct security audits?
Yes. We conduct regular security assessments including vulnerability scanning, penetration testing, and code reviews. Our infrastructure and processes are continuously evaluated to meet evolving security standards and compliance requirements.
How are backups handled?
We run daily automated backups of all platform data. Backups are encrypted using the same AES-256 standard and stored in geographically separate locations. Point-in-time recovery is available to restore data to any moment within the retention window.
Can I export my data?
Yes. We provide full data portability. You can export all of your data at any time in standard formats. This is part of our GDPR compliance commitment and ensures you always retain complete ownership of your information.
How do you handle China operations?
We maintain a completely separate, compliant infrastructure for our China operations based in Shenzhen. This infrastructure meets all local data protection and cybersecurity regulations, with data stored entirely within mainland China. It operates independently from our EU infrastructure to ensure full regulatory compliance in both regions.
Have questions about security? Our team is ready to discuss your specific requirements.