HTAP Summit 2024 session replays are now live!Access Session Replays
Access Control

Access Control and User Provisioning

We take additional steps to protect personal data by implementing strict user provisioning protocols. These safeguards ensure that only authorized individuals have access to sensitive information, providing full control and visibility over data access.

Monitoring

Proactive Monitoring and Threat Protection

Our dedicated privacy and security teams continuously monitor for potential threats, proactively safeguarding your data. We focus on maintaining the highest standards of privacy and security across all of our systems.

Data Sovereignty

Log Redaction

Detailed log information might contain sensitive data (for example, user data). To avoid such risk, each component (TiDB, TiKV, and PD) provides a configuration item that enables log redaction to shield user data values. Enabling this protects the privacy of customer data, including any personal data.

Privacy Standards

Industry-Leading Security Standards

We comply with globally recognized privacy and security standards, including PCI-DSS, ISO 27001/27701, HIPAA, the EU Cloud Code of Conduct (EU COC), and SOC 1, SOC 2, and SOC 3. Our compliance with these frameworks reflects our commitment to data protection at the highest levels.

Robust Encryption

Encryption Keys

Customer-Managed Encryption Key (CMEK) allows you to secure your static data in a TiDB Cloud Dedicated cluster by utilizing a symmetric encryption key that is under your complete control. This key is referred to as the CMEK key.
Once CMEK is enabled for a project, all clusters created within that project encrypt their static data using the CMEK key. Additionally, any backup data generated by these clusters is encrypted using the same key. If CMEK is not enabled, TiDB Cloud employs an escrow key to encrypt all data in your cluster when it is at rest.

CTA
Read the Documentation to Learn How We Keep Your Data Secure.

Learn More