Security Policy

Last Updated: January 15, 2025

Yonglong Inc. (the 'Company') prioritizes the security of customer personal information and data. This Security Policy describes the comprehensive security measures and policies implemented in the SalesGenius Pro service.

Security Overview

We have built an enterprise-grade security system to protect customer data. All security measures comply with international standards and are continuously monitored and improved.

Technical Security Measures

We implement the following technical security measures:

Real-time Anomaly Detection: 24/7 monitoring of suspicious access patterns and abnormal activities
Multi-Factor Authentication (MFA): Additional security layers for account access
Data Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
Access Control: Role-based access control (RBAC) implementing principle of least privilege
API Protection: Intelligent rate limiting and abuse prevention systems
Security Audits: Regular vulnerability assessments and penetration testing
Log Monitoring: Comprehensive logging and analysis of all system activities
Automated Backups: Regular backup and recovery systems to prevent data loss

Data Protection

Customer data is protected through the following methods:

Data Classification: Data classification by sensitivity with differential security application
Data Masking: Automatic masking of personally identifiable information
Data Minimization: Collection and processing of only necessary minimum data
Data Retention: Compliance with legal requirements for data retention periods
Secure Deletion: Complete deletion in an unrecoverable manner when data is deleted

Access Control

System access is strictly controlled:

Principle of Least Privilege: Granting only minimum necessary permissions for job functions
Regular Permission Reviews: Quarterly user permission reviews and adjustments
Access Logging: Detailed logging of all system access
Abnormal Access Detection: AI-based detection and blocking of abnormal access patterns
Session Management: Secure session management and automatic logout

Security Incident Response

In case of security incidents, we respond as follows:

Immediate response team activation and incident isolation
Impact scope analysis and damage minimization measures
Notification to relevant authorities and customers within 72 hours
Root cause analysis and recurrence prevention measures
Post-incident security enhancement measures

Regulatory Compliance

We comply with the following international security standards and regulations:

GDPR (General Data Protection Regulation): Full compliance with EU privacy laws
PCI DSS (Payment Card Industry Data Security Standard): Compliance with payment information security standards
SOC 2 Type II: Security, availability, and processing integrity control certification
ISO 27001: Compliance with international information security management system standards
Personal Information Protection Act: Compliance with Korean personal information protection laws

Employee Security

All employees receive security training and comply with the following:

Regular security training completion
Security pledge writing and compliance
Minimization of personal information processing authority
Immediate reporting obligation for security incidents
Immediate revocation of all access rights upon resignation

Third-Party Vendor Management

We ensure security when collaborating with third-party vendors:

Vendor security assessment and certification verification
Data processing agreement execution
Regular security audits
Security incident sharing and response system establishment

Continuous Improvement

Security systems are continuously improved:

Monthly security risk assessments
Quarterly security policy reviews
Annual penetration testing
Latest security threat information monitoring
Security technology updates and patch application

User Responsibilities

Users must comply with the following security guidelines:

Use strong passwords and change them regularly
Enable multi-factor authentication
Report suspicious activities immediately
Maintain personal account information security
Refrain from sensitive operations on public networks

Security Inquiries

For security-related inquiries or reports, please contact:

Email: support@salesgenius.pro

Address: Yonglong Inc., 165 Misagangbyeon-ro, BA0816, Hanam-si, Gyeonggi-do, Republic of Korea

Phone: +82-2-583-8857

Emergency Contact: Security Incident Report: support@salesgenius.pro

安全政策