Data Security Commitment
LaoZhang API is committed to protecting your data security and privacy, implementing industry-leading security measures. We are dedicated to providing secure and reliable AI technical API integration services.Cross-Border Data & User Responsibility
Data Transmission Statement
As a technical API integration service provider:- Data Flow: User requests are forwarded through our API to the corresponding model service providers
- Transmission Role: We only provide technical transmission channels, without processing, analyzing, or storing data content
- Neutral Position: We do not decide what data to transmit or interfere with data content
Core Positioning (3 Key Points)
Technical Service Positioning Statement- Data is uploaded at the customer’s own discretion
- We do not process, store, or analyze data content
- We only provide technical API transmission capabilities
User Responsibility & Compliance Terms
Important Legal StatementBy using this service, users confirm and agree:- Data Authorization Confirmation: Users confirm they have the right to transmit relevant data to overseas model service providers and bear their own data compliance obligations
- Data Legality: Users confirm that the data they upload and process does not contain personal information or sensitive data that violates applicable laws and regulations, or that they have obtained necessary authorization according to law
- Platform Positioning: This platform only provides technical API integration services and does not analyze, store, or reuse customer data
- Risk Assumption: Compliance risks arising from customer data content or cross-border data transmission are borne by the customer
Technical Architecture Assurance
This platform ensures data security at the technical architecture level:What We Explicitly Do NOT Do
Technical Level Guarantees- No Prompt Log Retention: We do not save user request content
- No Content Caching: We do not cache any input or output data
- No Model Fine-tuning: We do not use user data to train or fine-tune models
- No User Data Analysis: We do not perform any form of analysis on user content
- Token counts (for billing)
- Call timestamps
- Interface type and model name
- Response status codes
Recommended Usage
Safe Usage Recommendations- Data Desensitization: Desensitize sensitive information before transmission
- Internal Use: Prioritize use for enterprise internal systems and development testing
- Compliance Assessment: Complete internal compliance assessment before production use
- Authorization Confirmation: Ensure authorization to use and transmit relevant data
- Avoid Sensitive Data: Do not upload personal sensitive information, trade secrets, or other protected data
- Direct transmission of raw data containing personal identification information
- Commercially sensitive data without desensitization
- Third-party data without authorization
Core Security Measures
End-to-End Encryption
TLS 1.3 Encrypted TransmissionAll data transmissions use TLS 1.3 protocol encryption to ensure data security during transmission:- Latest encryption standard providing strong security protection
- Prevents data theft or tampering during transmission
- End-to-end encryption from user to server
Minimized Data Storage
Technical Transmission Channel Positioning Core advantages of LaoZhang API as a technical API integration service:- No Request Content Storage: Does not save your API request content (input and output)
- No User Data Viewing: Technical team cannot view specific conversation content
- Immediate Deletion: Content data cleared immediately after request processing
- Privacy First: Maximum protection of user privacy
Limited Logging
Basic Log Scope We only record essential information for billing and troubleshooting:- Model Name Used: For billing and service statistics
- Token Length Statistics: Input and output token counts
- Request Timestamps: For log analysis and troubleshooting
- Response Status: Success or error status records
- Specific conversation content
- User input text
- AI output responses
- Image or file content
- Personal identity information
Short-Term Log Retention
7-Day Retention PolicyLog Retention Period
Retention Period: Only 7 DaysConsiderations:- Data Security: Reduce data breach risk
- Resource Optimization: Optimize storage resource usage
- Privacy Protection: Minimize data retention time
- Compliance Requirements: Comply with data protection regulations
Access Control Mechanisms
Strict Permission Management
Authorized Access System- Least Privilege Principle: Only authorized technical personnel can access logs
- Anonymization: Accessed log data has been anonymized
- Necessity Review: Access only when necessary for troubleshooting
- Operation Records: Complete audit logs for all access operations
Technical Team Management
- Background Checks: Technical personnel undergo strict background investigations
- Confidentiality Agreements: Sign strict data confidentiality agreements
- Regular Training: Receive data security and privacy protection training
- Permission Rotation: Regular rotation and review of access permissions
Security Assurance System
Regular Security Audits
Continuous Security Improvement Security Assessment ContentLaoZhang API team regularly conducts comprehensive security assessments:- System Vulnerability Scanning: Regular checks for system security vulnerabilities
- Code Security Review: Review potential security risks in code
- Infrastructure Inspection: Assess server and network security
- Process Optimization: Continuously improve security management processes
Compliance Assurance
Regulatory Compliance Commitment- Data Protection Regulations: Strict compliance with GDPR, CCPA, etc.
- Industry Standards: Comply with technical service industry security standards
- Regulatory Requirements: Cooperate with relevant regulatory audits
- International Standards: Reference ISO 27001 and other international security standards
Security Best Practices
User-Side Recommendations
Recommendations for Enhanced Security- API Key Management
- Regularly rotate API Keys
- Don’t hardcode Keys in code
- Use environment variables to store sensitive information
- Sensitive Information Handling
- Avoid including sensitive personal information in requests
- Use desensitized data for testing
- Handle trade secrets carefully
- Network Security
- Use HTTPS protocol to access API
- Use services in a secure network environment
- Keep client software updated
Platform-Side Assurance
- Multi-Layer Protection: Deploy multi-layer security protection measures
- Real-Time Monitoring: 24/7 security monitoring and threat detection
- Emergency Response: Establish comprehensive security incident response mechanisms
- Backup Recovery: Regular backup and disaster recovery drills
Transparency Commitment
Security Incident Notification
If an event that may affect user data security occurs, we commit to:- Timely Notification: Notify users within 24 hours of discovering a security incident
- Detailed Explanation: Provide incident details and scope of impact
- Solution: Explain remedial measures taken
- Prevention Measures: Share subsequent prevention improvement measures
Technical Support
If you have any questions about data security, please contact our technical support team:Technical Support Contact
Technical Support- Email: support@laozhang.ai
- Data security policy explanation
- Privacy protection measures explanation
- Security best practices guidance
- Security incident reporting and handling