安全承諾
最後更新 2025-11-12
每一位使用者的敏感資訊都值得被妥善保護。以下內容概述了 AskCc 的安全實踐。
1. 基礎設施安全
AskCc 部署在多可用區雲環境中,所有服務均啓用自動擴縮容與冗余備份,確保在單點故障時仍可穩定運行。
我們定期執行滲透測試與漏洞掃描,並根據 CVSS 等級在 SLA 規定時間內完成修復。
2. 應用與接口
管理端強制啓用 MFA 與細粒度權限控制,同時支援企業客戶的 SSO/SAML 集成。
API 呼叫需要攜帶短期有效的訪問令牌,令牌只具備最小必要權限,並可在控制台即時吊銷。
3. 監控與響應
我們即時監控關鍵指標與異常行為,一旦發現潛在入侵、濫用或資料外洩風險,會立即啟動應急響應流程。
發生影響您的安全事件時,我們會在最短時間內通過產品內通知或郵件向指定聯繫人通報,並提供整改建議。
4. 客戶協同
企業客戶可申請安全評估材料(如滲透測試報告、合規認證等),並與我們共同完成安全加固計劃。
若您發現漏洞或薄弱環節,歡迎通過 security@pyznai.com 告知,我們會在確認後盡快修復並致謝。
Security FAQ
Is AskCc data encrypted?
AskCc describes encrypted transport and encrypted storage as part of its security posture. The exact protection also depends on the product partition, configured cloud services, and the user account workflow in use.
Who can access production data?
AskCc limits production access to authorized operational needs such as support, reliability, abuse prevention, or legal compliance. Access should be role-based, logged where appropriate, and kept narrower than general product analytics.
What happens if there is a security incident?
AskCc investigates reported security events, works to contain and remediate confirmed issues, and notifies affected users or authorities when required by law, contract, or product policy.
How do I report a vulnerability or security concern?
Send details to support@pyznai.com, including affected pages, accounts, reproduction steps, and any evidence you can safely share. Avoid accessing other users' data or disrupting the service while reporting an issue.