Enterprise-Grade
Security & Compliance
Enterprise-grade security and compliance standards to protect your data.
Enterprise-Grade Data Security
ISO 27001
ISO 27001 is an international standard for the Information Security Management System (ISMS) developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a framework for organizations to properly conduct information asset protection and risk management, demonstrating the protection of information's "confidentiality," "integrity," and "availability."
SOC 2
SOC2 is a service organization security standard established by the American Institute of Certified Public Accountants (AICPA). It consists of five elements: "security," "availability," "processing integrity," "confidentiality," and "privacy." It assesses the security systems of service providers to verify the effectiveness of internal controls, thereby ensuring the protection of customer data.
APPI
The Act on the Protection of Personal Information (APPI) is a law designed to protect the personal information of Japanese citizens, with the purpose of safeguarding personal rights when enterprises are handling personal information such as customer data. The law stipulates that enterprises are obliged to obtain consent and record when providing personal information to third parties.
SSL
SSL (Secure Sockets Layer) is one of the protocols for encrypting data transmission and reception over IP networks such as the Internet. It encrypts data communication, preventing other devices on the network (such as relay devices) from eavesdropping on or tampering with the content of the communication.
Technical Measures
Data Backup and Disaster Recovery
DolphinVoice regularly performs data backups and securely stores backup data (such as on servers based on major Japanese cloud platforms) in the event of unforeseen circumstances. Additionally, Dolphin AI has established a disaster recovery plan that allows for a quick switch to backup systems or data centers in the event of a disaster.
Password Management Policy
DolphinVoice employs password hashing to ensure that user passwords are neither transmitted nor stored. All data, including audio and textual types, in the data center are encrypted according to standard protocols. Additionally, user data is anonymized to prevent unauthorized access or misuse.
Encryption of Data Transfer
DolphinVoice employs a secure protocol (HTTPS) to encrypt data transferred between the client and server. To safeguard against data theft and tampering, the data in transit is encrypted using a robust combination of symmetric and asymmetric key encryption techniques.
System Operations and Monitoring
DolphinVoice has implemented a strict monitoring system that tracks the performance and status of data processing in real time. It monitors key indicators such as traffic, processing time, and error rates, and has established appropriate warning mechanisms. This allows for the swift detection and resolution of potential issues and anomalies.
Operational Measures
Security Management
DolphinVoice has implemented strict security measures, employing mechanisms such as identity verification, access control, and permission management to restrict data processing authority. It also monitors and audits data access and manipulation.
Security Auditing
DolphinVoice has established a security audit mechanism to monitor and record the activities of the system and users, as well as access to and operations on confidential data. Additionally, a security monitoring system has been introduced to respond quickly to potential security threats and intrusions.
Testing and Validation
Before releasing each version, DolphinVoice conducts rigorous testing and verification, including unit testing, integration testing, and system testing, to ensure the reliability and stability of the data processing system under all circumstances.
Security Training
DolphinVoice provides regular security training within the company, educating employees on data security best practices, potential threat detection, and the importance of data protection. Additionally, users are encouraged to take proactive security measures, such as regularly changing passwords and avoiding logging in on shared devices.