Our security measures

• Product safety

  Shence strictly follows the security development lifecycle process management in the product development process, embeds security and privacy requirements in every stage of product development, and effectively reduces the number of product security vulnerabilities and actual security risks by implementing various security control measures, thus helping Shence build a more secure product.

  In addition to regularly conducting security tests on all online Shence products, Shence security team also invited professional security manufacturers in the industry to conduct mass testing and practical attack and defense drills to discover potential security vulnerabilities of products from multiple perspectives, improve the overall security of Shence products and bring value to customers.

  

  Product safety

  Shence strictly follows the security development lifecycle process management in the product development process, embeds security and privacy requirements in every stage of product development, and effectively reduces the number of product security vulnerabilities and actual security risks by implementing various security control measures, thus helping Shence build a more secure product.

  In addition to regularly conducting security tests on all online Shence products, Shence security team also invited professional security manufacturers in the industry to conduct mass testing and practical attack and defense drills to discover potential security vulnerabilities of products from multiple perspectives, improve the overall security of Shence products and bring value to customers.

  

• 

  Operational safety

  Shence has developed a strict access control process. Through role-based access control, it controls system resources according to the minimum permission requirements. All operations are recorded in detailed logs for internal and external personnel to audit.

  Without the authorization of the customer, Shence employees have no access to customer data and have no right to access customer data. Troubleshooting or problem solving can only be carried out with the authorization of the customer according to the customer's needs and the temporary authority provided by the customer. Shence will closely monitor such authorized access behavior and terminate the access right in a timely manner after the problem is solved.

  Operational safety

  Shence has developed a strict access control process. Through role-based access control, it controls system resources according to the minimum permission requirements. All operations are recorded in detailed logs for internal and external personnel to audit.

  Without the authorization of the customer, Shence employees have no access to customer data and have no right to access customer data. Troubleshooting or problem solving can only be carried out with the authorization of the customer according to the customer's needs and the temporary authority provided by the customer. Shence will closely monitor such authorized access behavior and terminate the access right in a timely manner after the problem is solved.

  

• Event response

  Shence has established a mature security incident management mechanism, which can immediately start the emergency response process when an incident occurs, respond to security incidents quickly, effectively and orderly, and minimize the impact of security incidents. After the event is handled, Shence will review the event to reduce the possibility of recurrence. In case of a personal information security incident, the customer will be informed of the basic situation of the security incident, the possible impact and the measures taken.

  

  Event response

  Shence has established a mature security incident management mechanism, which can immediately start the emergency response process when an incident occurs, respond to security incidents quickly, effectively and orderly, and minimize the impact of security incidents. After the event is handled, Shence will review the event to reduce the possibility of recurrence. In case of a personal information security incident, the customer will be informed of the basic situation of the security incident, the possible impact and the measures taken.

  

• 

  Vulnerability management

  Shence has a perfect vulnerability management strategy. It monitors internal/external security vulnerabilities and threat intelligence through a variety of segments, studies, judges and disposes of vulnerabilities and threat intelligence information related to Shence software products, and conducts vulnerability life-cycle management in strict accordance with the process mechanism of "responsibility to people, timeliness and process visualization", Ensure that all security vulnerabilities can be resolved in a timely manner.

  Vulnerability management

  Shence has a perfect vulnerability management strategy. It monitors internal/external security vulnerabilities and threat intelligence through a variety of segments, studies, judges and disposes of vulnerabilities and threat intelligence information related to Shence software products, and conducts vulnerability life-cycle management in strict accordance with the process mechanism of "responsibility to people, timeliness and process visualization", Ensure that all security vulnerabilities can be resolved in a timely manner.

  

• data security

  data collection

  Shence strictly abides by the principle of "legality, legitimacy and necessity" when collecting data, and informs and explains the rules concerning the use of personal information rights and the purpose, method and scope of personal information processing through privacy policies and other ways. After obtaining the authorization and consent of the end user, Shence starts to collect personal information.

  data transmission

  After data collection, Shence software products support cache encryption of collected data. When transmitting collected data, link encryption or data encryption can be used for data transmission to ensure the security of transmitted data.

  data storage

  Shence software products fully consider the problem of data leakage prevention in the data storage phase, and can effectively prevent the risk of data leakage caused by internal and external malicious acts by encrypting the inbound data.

  data sharing

  Shence should take effective measures to prevent data leakage risks and ensure data security in the process of data sharing. Shence products follow the principle of minimization, fully consider the balance between data availability and security, and provide data desensitization display, data watermarking and other ways to help customers reduce the risk of data leakage.

  Data deletion and destruction

  Shence software products provide you with an opt out mechanism in strict accordance with the requirements of relevant laws and regulations. When Shence users or personal information subjects do not want to use the data products and data services provided by Shence, they can stop the data collection function of Shence SDK, and use the data cleaning function provided by Shence products to delete data, Data deletion supports two functions: batch deletion of imported event data and deletion of user data based on user ID.

  

  data security

  data collection

  Shence strictly abides by the principle of "legality, legitimacy and necessity" when collecting data, and informs and explains the rules concerning the use of personal information rights and the purpose, method and scope of personal information processing through privacy policies and other ways. After obtaining the authorization and consent of the end user, Shence starts to collect personal information.

  data transmission

  After data collection, Shence software products support cache encryption of collected data. When transmitting collected data, link encryption or data encryption can be used for data transmission to ensure the security of transmitted data.

  data storage

  Shence software products fully consider the problem of data leakage prevention in the data storage phase, and can effectively prevent the risk of data leakage caused by internal and external malicious acts by encrypting the inbound data.

  data sharing

  Shence should take effective measures to prevent data leakage risks and ensure data security in the process of data sharing. Shence products follow the principle of minimization, fully consider the balance between data availability and security, and provide data desensitization display, data watermarking and other ways to help customers reduce the risk of data leakage.

  Data deletion and destruction

  Shence software products provide you with an opt out mechanism in strict accordance with the requirements of relevant laws and regulations. When Shence users or personal information subjects do not want to use the data products and data services provided by Shence, they can stop the data collection function of Shence SDK, and use the data cleaning function provided by Shence products to delete data, Data deletion supports two functions: batch deletion of imported event data and deletion of user data based on user ID.