§ Legal

Data Security Practices

EFFECTIVE · 2026-04-01
JURISDICTION · Vietnam · TP.HCM
VERSION · v1.0
LANGUAGE · EN · VN on request

Introduction

At Kachersoft, data security is fundamental to our operations and central to maintaining our customers' trust. This document outlines our commitment to protecting your data and describes the security measures we implement throughout our organization and technical infrastructure. As an AI technology company, we handle various types of data and apply rigorous security controls to safeguard this information.

Organizational Security

Security Governance

  • We maintain a dedicated security team responsible for developing, implementing, and monitoring our security program
  • We conduct regular security risk assessments and implement continuous improvement processes
  • Our security policies are reviewed and updated at least annually

Employee Security

  • All employees undergo background checks (where legally permissible) prior to employment
  • Employees receive security awareness training upon hiring and regularly thereafter
  • Access to systems and data is granted on a need-to-know basis following the principle of least privilege
  • We enforce strong authentication requirements for all employees
  • Security responsibilities are clearly defined in employee agreements

Infrastructure Security

Data Center Security

  • Our production environment is hosted in enterprise-grade data centers with SOC 2 certification
  • Physical access to data centers is strictly controlled and monitored
  • Environmental controls include fire suppression, climate control, and backup power systems
  • We utilize redundant infrastructure to ensure high availability

Network Security

  • We implement network segmentation with defined security zones
  • All network traffic is monitored and logged
  • We employ intrusion detection and prevention systems
  • Regular vulnerability scanning and penetration testing are conducted
  • We maintain strong firewall rules and network access controls

System Security

  • All systems are hardened following industry-standard practices
  • Operating systems and applications are regularly patched
  • Anti-malware solutions are deployed on all applicable systems
  • System logs are centrally collected and monitored for security events
  • We implement host-based intrusion detection

Data Protection

Data Classification

  • We maintain a data classification system to ensure appropriate controls are applied based on data sensitivity
  • Each data category has defined handling procedures and security requirements
  • AI training data undergoes special review processes

Encryption

  • Data in transit is encrypted using TLS 1.2 or higher
  • Sensitive data at rest is encrypted using industry-standard algorithms
  • We implement strong key management practices
  • Database encryption is applied to protect sensitive information

Data Access Controls

  • Access to customer data is strictly limited to authorized personnel
  • We implement multi-factor authentication for accessing sensitive systems
  • All access attempts are logged and monitored
  • Regular access reviews are conducted

Data Retention and Disposal

  • We maintain a data retention policy that limits storage of personal data
  • Data is securely deleted when no longer needed
  • We use secure data destruction methods for physical media
  • Customers can request deletion of their data per our Privacy Policy

AI-Specific Security Measures

Model Security

  • AI models are developed with security considerations from inception
  • We conduct security reviews of models before deployment
  • Models are monitored for unexpected behavior or potential security issues
  • Training data pipelines include security controls

Training Data Protection

  • We implement robust controls to protect training datasets
  • Permission verification systems ensure proper data usage rights
  • De-identification techniques are applied where appropriate
  • Data lineage is tracked throughout the AI development lifecycle

Adversarial Defense

  • Our AI systems are designed with protections against common adversarial attacks
  • We continuously research potential vulnerabilities in AI systems
  • Regular testing helps identify and remediate potential attack vectors

Application Security

Secure Development

  • We follow secure software development lifecycle practices
  • Security requirements are defined at the beginning of development projects
  • All code undergoes security review before deployment
  • Regular code scanning is performed using automated tools
  • Third-party dependencies are regularly audited for security vulnerabilities

API Security

  • APIs are secured using strong authentication mechanisms
  • Rate limiting is implemented to prevent abuse
  • API access is monitored and logged
  • Regular security testing of APIs is conducted

Incident Response

Security Incident Management

  • We maintain a comprehensive security incident response plan
  • Our team is trained to identify, contain, eradicate, and recover from security incidents
  • Incidents are tracked, documented, and used to improve security measures
  • We conduct regular incident response drills

Breach Notification

  • In the event of a data breach, we will notify affected customers in accordance with applicable laws and regulations
  • Our notification process includes details on what happened, what information was involved, and steps we are taking
  • We maintain relationships with external security experts to assist if needed

Compliance

Regulatory Compliance

  • We stay informed about relevant data protection regulations
  • Our practices are designed to comply with applicable laws and regulations
  • We regularly review and update our compliance program

Security Certifications

  • We are committed to obtaining and maintaining relevant security certifications
  • Independent audits are conducted to verify our security controls
  • Compliance artifacts are available to customers upon request

Vendor Management

Third-Party Risk Management

  • We assess the security practices of our vendors before engagement
  • Contractual security requirements are included in vendor agreements
  • Vendor security is regularly reassessed
  • We limit vendor access to only what is necessary

Customer Security Controls

Security Features

  • Our services include security features that customers can configure
  • Documentation is provided on best practices for securing customer accounts
  • Customers can implement additional security controls based on their requirements

Security Reporting

  • Customers can report security concerns through dedicated channels
  • We maintain an open line of communication regarding security matters

Continuous Improvement

We are committed to continuously improving our security program through:

  • Regular review of security controls and practices
  • Keeping abreast of emerging threats and vulnerabilities
  • Learning from industry incidents and incorporating those lessons
  • Adopting new security technologies and methodologies as appropriate

Contact Information

For questions about our security practices or to report security concerns, please contact:

Email: security@kachersoft.com