PII Data Handling Policy

  • Collected
    • The encrypted shipping data would be collected via the API along with the order information.
  • Processed
    • The data would be encrypted with 256-bit AES before being stored.
  • Stored
    • The encrypted data would be stored in SQL Server in the cloud.
    • All PII data would be stored on a stand-alone server with 3 database instances located on 3 disks.
      • Instance A in cloud disk A.
      • Instance B in cloud disk B.
      • Instance C in cloud disk C.
    • Only one of the DB instances is active in production at any time.
    • Every 10 days, production switches to the next DB instance.
    • Switching process (e.g. Instance B switching to Instance C):
      • The database of Instance C would be dropped and all its files deleted.
      • Disk C would be "Cleared" with the third-party software Eraser to destroy the data permanently.
      • Disk C would be formatted.
      • A new database would be created on Disk C as Instance C.
      • The data of unshipped orders would be transferred from Instance B to the newly created Instance C.
      • Instance C would go live, and Instance B would go offline.
  • Used
    • The encrypted data would be transferred to the client. The client would decrypt the encrypted data key with a master key and use the data key to decrypt the data.
  • Shared
    • Only when creating shipping labels through the UPS/FedEx/Stamps APIs.
  • Disposed
    • The disk holding PII data and its backup would be formatted 20 to 30 days after shipping, by the automated data-clearing task that runs every 10 days.
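The encryption scheme described under Processed and Used above (256-bit AES, a data key that is itself encrypted under a master key, and the client unwrapping that key before decrypting the data), as an added Go example; it is not code from this policy or its systems. It assumes AES-GCM as the mode, since the policy names only the key size, and one fresh data key per order.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// aead returns AES-256-GCM; the policy mandates 256-bit keys, so any other size is a caller bug.
func aead(key []byte) cipher.AEAD {
	if len(key) != 32 {
		panic("AES-256 requires a 32-byte key")
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(block)   // cannot fail for an AES block
	return g
}
// seal encrypts under key with a fresh random nonce, prepended so open needs nothing else.
func seal(key, plaintext []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: stop rather than risk a repeated nonce
	}
	return g.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; GCM authenticates, so a wrong key or a modified blob is rejected.
func open(key, sealed []byte) ([]byte, error) {
	g := aead(key)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed blob too short")
}
// Encrypt is the storage side: the two DB columns, data under a fresh per-order data key and that key wrapped under masterKey.
func Encrypt(masterKey, shippingData []byte) (wrappedDataKey, ciphertext []byte) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		panic(err) // no entropy: never fall back to a weak or reused key
	}
	return seal(masterKey, dataKey), seal(dataKey, shippingData)
}
// Decrypt is the client side: unwrap the data key with the master key, then decrypt the data.
func Decrypt(masterKey, wrappedDataKey, ciphertext []byte) ([]byte, error) {
	dataKey, err := open(masterKey, wrappedDataKey)
	if err != nil || len(dataKey) != 32 {
		return nil, errors.New("cannot unwrap a 256-bit data key")
	}
	return open(dataKey, ciphertext)
}
```

Only the wrapped key and the ciphertext ever reach the database; the master key stays with the client, so a copy of the stored columns alone cannot be decrypted.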