Data Privacy & Security

1 Our Commitment

At #divisions, we treat data privacy as a fundamental right, not an afterthought. We design every system with privacy-by-default and security-by-design principles. Our team is committed to maintaining the highest standards of data protection while delivering innovative technology solutions.

2 Information We Collect

We only collect data necessary to deliver, secure, and improve our services. Collection occurs transparently with clear consent or legitimate business interest.

2.1 Directly Provided Data

• Account Information: Name, email, organization, and authentication credentials.
• Usage Data: Service configuration, feature interactions, and performance metrics.
• Support Communications: Tickets, emails, and chat logs for troubleshooting.

2.2 Automatically Collected Data

• Technical Metrics: IP address, browser type, device identifiers, and session timestamps.
• Security Logs: Authentication attempts, API access patterns, and anomaly detection signals.

3 Usage & Retention

Data is processed solely for service delivery, security monitoring, compliance reporting, and product improvement. We employ strict data minimization and retention schedules.

• Active Accounts: Data retained while your subscription is active.
• Terminated Accounts: Data securely deleted within 30 days, or longer if required by legal/financial obligations.
• Analytics & Aggregated Data: De-identified and used strictly for system optimization. Cannot be reverse-identified.

4 Security Infrastructure

Our security architecture follows zero-trust principles, defense-in-depth strategies, and continuous threat monitoring.

4.1 Encryption

• In Transit: TLS 1.3 enforced across all endpoints and API routes.
• At Rest: AES-256 encryption for databases, backups, and object storage.
• Key Management: Hardware Security Modules (HSMs) and automated key rotation.

4.2 Access & Monitoring

• Role-Based Access Control (RBAC) with principle of least privilege.
• Multi-Factor Authentication (MFA) mandatory for all internal & customer admin accounts.
• 24/7 SOC monitoring with automated incident response playbooks.
• Quarterly penetration testing by independent third parties.

5 Your Rights & Control

Depending on your jurisdiction, you have the right to:

1. Access & Export: Request a machine-readable copy of your data.
2. Correction: Update inaccurate or incomplete information.
3. Deletion: Request permanent removal, subject to legal retention requirements.
4. Restriction & Portability: Limit processing or transfer data to another provider.
5. Opt-Out: Manage marketing communications and non-essential analytics.

All requests are processed within 30 days. You can manage preferences directly in your dashboard or contact our Data Protection Officer.

6 Compliance & Certifications

#divisions maintains rigorous compliance frameworks to meet global regulatory standards and enterprise requirements.

• Data Processing Agreements (DPA): Available upon request for enterprise clients.
• Subprocessor Transparency: We publish and notify changes to our vendor chain.
• Incident Notification: Affected users notified within 72 hours of confirmed breaches.
• Regional Data Residency: EU, US, and APAC infrastructure options available.

7 Updates & Contact

We may update this policy to reflect changes in technology, regulations, or business practices. Material changes will be communicated via email or in-app notification at least 14 days before生效.