As a leading provider of smart lock and lockbox solutions, Populife is deeply committed to maintaining the highest standards of data privacy and security. Our mission is to provide not only convenient, but also highly secure smart lock products that our customers can trust. Our reputation is built on a solid foundation of trust, and a crucial part of earning that trust involves ensuring the integrity, confidentiality, and security of our customers' data.
In the context of this document, the term 'Populife' represents the full company name. This document delineates the measures Populife employs to safeguard data, our approach towards maintaining these standards, and our commitment to adapt and evolve our security strategies as per the changing technology landscape and regulatory requirements.
Data Collection and Processing
Upon user consent, Populife gains access to the camera and album permissions to collect images for user avatars. We also collect email addresses or phone numbers for account management. All such data is encrypted during transmission and stored securely.
With the user's consent, we collect contact information for sharing virtual keys for lock devices. However, no contact information is stored.
With user approval, we access location or nearby device permissions. We do not store user location information; this information is used temporarily for lock device related functions only.
For identity authentication, we use device-collected user fingerprints. We do not store any user fingerprint data; this data is only valid on the local device.
We only collect and store necessary data, such as device ID and passwords, with user consent. Sensitive information like user IP addresses is not stored in the cloud. Once the user unbinds the Bluetooth device from the App, all data related to the device will be automatically cleared. Users can request us to delete their information and data, and we will comply actively.
Data Security and Protection
Our system platform has passed national financial system level security certification. Our servers are equipped with professional firewall systems, bastion hosts, and security certificates. All public network addresses use HTTPS secure protocol transmission.
On the application level, sensitive information is encrypted for storage. Password data uses irreversible independent encryption rule calculations. For identity verification, we employ login area detection, facial recognition, fingerprint unlocking, SMS verification codes, and other multi-layered security mechanisms to protect each user's information and data security.
Our cloud servers only open necessary ports and implement bastion hosts along with related identity authentication and authorization mechanisms. All cloud server operations must go through the bastion host, providing operation and maintenance audit functions to monitor and prevent illegal access to cloud servers.
We utilize Alibaba Cloud RDS high availability version for our cloud platform database, which ensures dual availability zones for primary and standby, performing full and incremental backups on a regular basis. This guarantees high availability of the database and permits access only from intranet servers to prevent information leaks caused by illegal external access.
Our cloud platform uses the HTTPS protocol for communication with clients and third-party platforms to ensure communication security. Communication with devices uses proprietary protocol and verification algorithms and adopts AES encryption for secure communication with devices.
Sensitive data, such as user passwords and lock data, is stored and transmitted using encryption to prevent leakage of sensitive data.
Identity Verification and Authorization
Our cloud platform business interface strictly performs user identity authentication and permission control to prevent unauthorized access and modification of data.
Third-Party Vendor Management
We entrust a third-party security company to conduct regular penetration testing on our cloud platform-related software and products and promptly repair related issues to ensure that our cloud platform software and products comply with the international security standards of OWASP (Open Web Application Security Project).
In conclusion, at Populife, we are committed to upholding the highest standards of data security and privacy. We implement a multi-layered approach, utilizing advanced encryption methods, rigorous access controls, regular audits, and other industry-standard practices to protect our users' data.
We believe that trust is an essential component of our service, and this extends to the way we handle and protect data. We always aim to be transparent with our users about our data practices and offer them control over their information.
We understand that data security is an ongoing process that requires constant vigilance and adaptation to the changing technology landscape. We continuously monitor our systems and update our practices as necessary, working closely with third-party security specialists to ensure our systems meet or exceed the latest industry standards.
We are committed to making the necessary changes to meet the higher security requirements of our clients for customized products, and will continue to prioritize data security in all our operations.