Data Protection Policy

Last updated: June 2024

1. Overview

Nanjing Shunheng Information Technology Co., Ltd. ("Shunheng ERP") is committed to protecting the confidentiality, integrity, and availability of all data processed through our platform. This Data Protection Policy (DPP) outlines the technical and organizational measures we implement to safeguard data, in compliance with applicable laws and Amazon's Acceptable Use Policy Section 4.5.

2. Scope

This policy applies to all data processed by Shunheng ERP, including:

3. Data Encryption

3.1 Encryption in Transit

All data transmitted over networks is protected using TLS 1.2 or higher protocols. This includes:

3.2 Encryption at Rest

All data stored in our systems is encrypted using AES-256 encryption. This includes:

4. Access Control

4.1 Role-Based Access Control (RBAC)

We implement strict role-based access control with the principle of least privilege:

4.2 Authentication

5. Data Retention and Deletion

5.1 Retention Schedule

5.2 Data Deletion

Upon termination of service or upon user request:

6. Incident Response

6.1 Incident Detection and Reporting

6.2 Incident Response Plan

  1. Detection & Assessment — Identify and classify the incident
  2. Containment — Isolate affected systems to prevent spread
  3. Eradication — Remove the root cause
  4. Recovery — Restore systems from verified clean backups
  5. Post-Mortem — Root cause analysis and preventive measures

7. Subprocessor and Third-Party Vendors

We engage trusted third-party service providers for infrastructure and operations:

All subprocessors are subject to contractual data protection obligations and are regularly audited.

8. Compliance

We comply with applicable data protection regulations including:

9. Contact

For questions or concerns regarding data protection, please contact our security team:

Email: support@shunhengerp.com
Nanjing Shunheng Information Technology Co., Ltd.
3A048 Yindu Jinchuang Plaza, No.2 Shuiximen Street, Qinhuai District, Nanjing, China