Effective Date: July 2026
1. Objective
This policy defines how [Your Organization Name] classifies sensitive information and ensures the confidentiality of data through industry-standard encryption protocols.
2. Data Classification
To implement appropriate security measures, we classify all data into the following levels:
| Classification | Description | Examples |
|---|---|---|
| Level 1 (Public) | Information intended for public consumption. | Product descriptions, marketing materials. |
| Level 2 (Internal) | Information for internal use only. | Internal inventory records, operational workflows. |
| Level 3 (Restricted) | Sensitive personal data requiring high security. | Customer order info, shipping addresses, API credentials. |
3. Encryption Standards
We strictly adhere to the following encryption mandates to prevent unauthorized data access:
- Data in Transit (Transmission): All data transmitted between our servers and external platforms (TikTok Shop/AliExpress API) is strictly encrypted using TLS 1.2 or higher.
- Data at Rest (Storage): All sensitive personal data (Restricted Level) stored in our local NocoDB or MySQL databases is encrypted using AES-256 (exceeding the AES-128 requirement).
- Key Management: Encryption keys are managed securely and rotated periodically to minimize the impact of potential key exposure.
4. Compliance Implementation
Our automation system (n8n) is configured to prioritize secure connections by default. Any third-party service or internal script attempting to communicate via unencrypted protocols (e.g., HTTP) is automatically rejected by our gateway firewall.
Internal Data Governance | Review Date: July 2026