We take additional steps to protect personal data by implementing strict user provisioning protocols. These safeguards ensure that only authorized individuals have access to sensitive information, providing full control and visibility over data access.
Our dedicated privacy and security teams continuously monitor for potential threats, proactively safeguarding your data. We focus on maintaining the highest standards of privacy and security across all of our systems.
Detailed log information might contain sensitive data (for example, user data). To avoid such risk, each component (TiDB, TiKV, and PD) provides a configuration item that enables log redaction to shield user data values. Enabling this protects the privacy of customer data, including any personal data.
We comply with globally recognized privacy and security standards, including PCI-DSS, ISO 27001/27701, HIPAA, the EU Cloud Code of Conduct (EU COC), and SOC 1, SOC 2, and SOC 3. Our compliance with these frameworks reflects our commitment to data protection at the highest levels.
Customer-Managed Encryption Key (CMEK) allows you to secure your static data in a TiDB Cloud Dedicated cluster by utilizing a symmetric encryption key that is under your complete control. This key is referred to as the CMEK key.
Once CMEK is enabled for a project, all clusters created within that project encrypt their static data using the CMEK key. Additionally, any backup data generated by these clusters is encrypted using the same key. If CMEK is not enabled, TiDB Cloud employs an escrow key to encrypt all data in your cluster when it is at rest.
