Data Classification & Encryption Policy

Effective Date: July 2026

1. Objective

This policy defines how [Your Organization Name] classifies sensitive information and ensures the confidentiality of data through industry-standard encryption protocols.

2. Data Classification

To implement appropriate security measures, we classify all data into the following levels:

Classification | Description | Examples
Level 1 (Public) | Information intended for public consumption. | Product descriptions, marketing materials.
Level 2 (Internal) | Information for internal use only. | Internal inventory records, operational workflows.
Level 3 (Restricted) | Sensitive personal data requiring high security. | Customer order info, shipping addresses, API credentials.

3. Encryption Standards

We strictly adhere to the following encryption mandates to prevent unauthorized data access:

  • Data in Transit (Transmission): All data transmitted between our servers and external platforms (TikTok Shop/AliExpress API) is strictly encrypted using TLS 1.2 or higher.
  • Data at Rest (Storage): All sensitive personal data (Restricted Level) stored in our local NocoDB or MySQL databases is encrypted using AES-256 (exceeding the AES-128 requirement).
  • Key Management: Encryption keys are managed securely and rotated periodically to minimize the impact of potential key exposure.

4. Compliance Implementation

Our automation system (n8n) is configured to prioritize secure connections by default. Any third-party service or internal script attempting to communicate via unencrypted protocols (e.g., HTTP) is automatically rejected by our gateway firewall.

Internal Data Governance | Review Date: July 2026