At Chinafy, we understand the importance of protecting your customers' personal information.
Introduction
We operate under the shared responsibility model and the least privilege principle, where Chinafy manages the security of the infrastructure, and customers are responsible for securing their data within their technical stack.
Beyond managing security rules related to this traffic, Chinafy primarily functions as a conduit for such data, the nature of which is entirely shaped by the design of the customer’s website or application and its interaction with the end user.
Our Commitment to your Privacy
What we do
We protect your data with encryption in transit and at rest, and by employing numerous other GDPR safeguards, performing security testing, using secure software development practices, and following industry-accepted operational best practices.
Chinafy is designed for high performance and availability, and built on best-in-class core technologies such as AWS and Google Cloud, so that your organization can scale confidently and securely.
We are GDPR compliant, have PCI DSS certification, and have been ISO 27001 since October 2021.
We are committed to protecting the privacy of your and your customers' data by providing various configuration options in addition to following industry best practices.
More on www.chinafy.com/trust
Your responsibilities
Below are some best practices we recommend following to protect your end users' data. Kindly note these are drawn from general website best practices and are not specific to the Chinafy platform.
Provided you adhere to these general web best practices, your personal information and that of your end users will not be read or stored accidentally by Chinafy’s optimisation and acceleration platform.
1. Transmit Personal Information Using POST Requests Only
When sending personal information, always opt for the POST method instead of GET. Unlike GET requests, POST keeps sensitive data out of the URL, helping to protect it from being visible in browser history or logged in server records. This is essential for safeguarding information such as names, addresses, phone numbers, or any other personally identifiable information (PII), as URLs are inherently visible to users.
2. Encrypt Cached Data Containing PII
Encrypt all PII stored in caches. Caching can improve site performance by temporarily storing data, but without encryption, it risks exposure if accessed in error. By encrypting cached data, you ensure that sensitive information remains protected even if a cache is unintentionally exposed.
3. Protect Login Credentials with Encryption
The login page is one of the most sensitive entry points on your site. Always use encryption to protect usernames and passwords during transmission. This is generally achieved using HTTPS to secure the connection between your website and your users. Additionally, you can apply form-level encryption to further ensure that sensitive data remains protected.
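To check practice 1 against your own site, the following added example (not Chinafy's code and not part of the original article) scans web server access-log lines for query-string parameters that look like PII. It assumes combined-format access logs; the parameter-name list, the regular expressions and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that usually carry PII (assumed list; extend for your forms).
PII_NAMES = {"name", "first_name", "last_name", "email", "phone", "address", "dob"}
# Value shapes that indicate PII even under an innocuous parameter name.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?\d[\d\s().-]{7,}\d$")
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_pii_in_urls(log_lines):
    """Return (line_no, method, path, param, reason) for each PII-like query parameter."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        parts = urlsplit(match["target"])
        # parse_qsl percent-decodes, so jane%40example.com is matched as an e-mail
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if param.lower() in PII_NAMES:
                reason = "pii-name"
            elif EMAIL_RE.match(value):
                reason = "email-value"
            elif PHONE_RE.match(value):
                reason = "phone-value"
            else:
                continue
            # Report the parameter name only, never the value, so the audit
            # output does not become another copy of the PII.
            findings.append((line_no, match["method"], parts.path, param, reason))
    return findings


# Constructed sample log lines (documentation IP ranges and example.com addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /signup?email=jane%40example.com&plan=pro HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "POST /signup HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /search?q=%2B852+5555+0100 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2025:10:02:00 +0000] "GET /products?page=2&sort=price HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in find_pii_in_urls(SAMPLE_LOG):
        print(finding)
```

The value patterns are heuristics, so long numeric identifiers can be flagged as phone numbers; treat each finding as a form or link to review and move to POST.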
Need Help?
If you have any questions or need more details, we're here to help.