🔒 Low code security and compliance

Security and Compliance Programs for Low-Code Platforms, Including data security, access control, Compliance certification, etc., Ensure enterprise application security and compliance.

🔒 Safety Features

🛡️

data security

• data encryption: Support for transmission encryption(SSL/TLS)and storage encryption(AES-256), Ensuring data security during transmission and storage

• data backup: Provide automatic data backup mechanisms, Supports regular and off-site backups, Ensuring data security

• Data desensitization: Supports desensitization of sensitive data, Protecting private user information

• Data Access Control: Fine-grained role-based data access control, Ensure that users can only access authorized data

🔐

access control

• authenticate: Support for user name and password, LDAP, OAuth2.0, SAMLVarious authentication methods such as

• Role Authorization: on the basis ofRBAC(Role-based access control)mould, Supports fine-grained privilege management

• multi-factor authentication: Support SMS verification code, CAPTCHA, Enterprise WeChat and other multi-factor authentication methods

• Session Management: Support session timeout control, session lock, Session auditing and other features

📋

Audit log

• Operational Audit: Logging of all user actions, Includes login, abort, data modification, Permission changes, etc.

• Log Storage: Supports long-term storage and backup of audit logs, Meet compliance requirements

• log analysis: Provide access to audit logs, Analysis and visualization capabilities

• anomaly detection: Supports abnormal behavior detection and alerts based on audit logs

🌐

network security

• network isolation: be in favor ofVPCnetwork isolation, Ensure the security of the application runtime environment

• firewalls: internally installedWAF(Webapplication firewall), defendSQLpour into, XSSand other common attacks

• DDoSdefend: be in favor ofDDoSprotection against attacks, Ensure application availability

• APIsurety: be in favor ofAPIKey Management, Request Frequency Limit, signature verification, etc.APIsecurity measure

📜 Compliance Certification

🏆

ISO27001Information Security Management System Certification

Our low-code platform has been approved byISO27001Information Security Management System Certification, Demonstrate that we meet international standards in information security management.

📅 Date of accreditation: 2025 June

🏆

Equalization Level 3 certification

Our low-code platform has passed the Information System Security Level Protection Level 3 certification, Compliance with national requirements for non-bank financial institutions, Information security requirements for key industries.

📅 Date of accreditation: 2025 August

🏆

ISO27701Privacy Information Management System Certification

Our low-code platform has been approved byISO27701Privacy Information Management System Certification, Demonstrate that we meet international standards for user privacy protection.

📅 Date of accreditation: 2025 October

🏆

SOC2 Type IIaccreditation

Our low-code platform has been approved bySOC2 Type IIaccreditation, Prove we're on the safe side, usability, Processing integrity, Meets industry standards for confidentiality and privacy.

📅 Date of accreditation: 2025 December

📊 compliancy

Industry Compliance

financial industry

in line with《Information Security Level Protection Evaluation Requirements for Financial Institutions》, 《Guidelines on IT Risk Management for Commercial Banks》and other financial industry compliance requirements

Healthcare industry

in line with《Measures for the Security Management of Big Data in Healthcare》, 《Regulations on the Management of Medical Records in Medical Institutions》and other healthcare industry compliance requirements

Government sector

in line with《Implementation Program for Integration and Sharing of Government Information Systems》, 《Guidelines for the Development of Government Websites》and other governmental industry compliance requirements

Data Privacy Compliance

• GDPRcompliance: Complies with EU《General Data Protection Regulation》(GDPR)exclusionary rule, Protecting the data privacy of EU citizens

• Personal Information Protection Act: in line with《Personal Information Protection Law of the People's Republic of China》exclusionary rule, Protection of Personal Information of Chinese Citizens

• Data localization: Supports localized data storage, Compliance with national and regional data localization requirements

💡 Security Best Practices

1️⃣

Periodic security assessments

Regular security assessments and penetration tests, Timely identification and remediation of security vulnerabilities

2️⃣

Security awareness training

Security awareness training for developers and users, Improvement of security awareness

3️⃣

least authority principle (LAP)

Follow the principle of least privilege, Grant the user only the minimum privileges needed to complete the task

4️⃣

Security configuration baseline

Establishment of a security configuration baseline, Ensure that system configurations comply with security best practices

5️⃣

Emergency Response Plan

Development of a security emergency response plan, Ensure timely response and handling of security incidents as they occur

❓ common problems

1. How secure is the low-code platform?

Our low-code platform utilizes a multi-layered security architecture, Includes data encryption, access control, Audit log, Various security measures such as network security, approvedISO27001, Isoclass III, ISO27701, SOC2 Type IIand many other safety certificates, Ensure enterprise application security and compliance.

2. How Low-Code Platforms Protect User Data?

Our low-code platform is encrypted with data, data backup, Data desensitization, Data access control and other ways to protect user data, Ensuring data security during transmission and storage, while at the same time meetingGDPR, Personal Information Protection Law and other data privacy compliance requirements.

3. Whether low-code platforms meet industry compliance requirements?

yea, Our low-code platform meets the financial, medical care, Compliance requirements for a number of industries, including government, e.g. "Information Security Level Protection Evaluation Requirements for Financial Institutions》, 《Measures for the Security Management of Big Data in Healthcare》, 《Implementation Program for Integration and Sharing of Government Information Systems", etc.

4. How low-code platforms handle security breaches?

We have established a comprehensive security breach management process, Includes vulnerability discovery, Vulnerability Assessment, Vulnerability Repair, Vulnerability release and other links. We conduct regular security assessments and penetration tests, Timely identification and remediation of security vulnerabilities, and distributed to users by means of a security bulletin.

5. How Organizations Can Secure Low-Code Applications?

Organizations can ensure the security of low-code applications in the following ways: 1)Follow security best practices, e.g. the principle of least authority, Security configuration baseline, etc.; 2)Security awareness training for developers and users; 3)Regular security assessments and penetration tests; 4)Establishment of a security emergency response plan; 5)Use the security features we offer, e.g. data encryption, access control, Audit logs, etc..