CATEGORY H PRIVACY POLICY MODULE
Last updated: 2025-11-03 16:14:32
1. Introduction
This Privacy Policy Module (“Module”) applies if you use the following features: Tencent Cloud International Web Application Firewall, Anti-DDoS, Data Security Governance Center/ T-Sec Data Security Center, Vulnerability Scan Service, Customer Identity and Access Management, Penetration Testing Service, Captcha, Tencent Cloud Firewall, Tencent Ecard, Key Management Service, Tencent Container Security Service, Bastion Host, Payment Risk Management, and Security Service Platform (collectively, “Features”).
This Module is incorporated into the privacy policy (“Privacy Policy”). Terms used but not defined in this Module shall have the meaning given to them in the Privacy Policy. In the event of any conflict between the Privacy Policy and this Module, this Module shall apply to the extent of the inconsistency.
2. Controllership
The controller of the personal data described in this Module is as specified in the Privacy Policy.
3. Personal Data We Collect
We may collect, receive, store and otherwise process the following personal data about you:
Data Category | Details |
Configuration Data | Configuration and settings including access service domain name, return and target source, rules and parameters, vulnerability classification, network and system attributes, service and security settings for the Features. |
Diagnostic and Usage Data | Information of the software or hardware related to performance, users' activities, network connections, business traffic, attack statistics, tasks, scan, server, container, cluster, access and operations logs, any problem you experience, error reports, your settings, connectivity and updates. |
Threat Intelligence Information | Data about potential and confirmed cyber security threats and security vulnerabilities such as security vulnerability description, attackers’ techniques, patterns, behaviors, and information used to carry out the attack (for example, phishing emails, malicious or target IP addresses, and compromised credentials or government-issued identifiers), data generated from the use of penetration testing tools, vulnerability match results, port match data. |
Authentication and Security Credential Information | Information for user and role management including permission settings, database IP addresses, account number, users identifiers, database password. |
User Contact | Information such as contact name, email address provided to us to contact you regarding your use of the Features including to sending you the penetration test report. |
User Equipment Information | Data about device and system of the Feature users such as device model, operating system, device identified (e.g. UDID, Android ID). |
To provide the Features to you, we may also process the above data through integration with our features as follows:
Cloud Log Service;
Cloud Object Storage;
Tencent Cloud Observability Platform;
TencentDB for Redis;
TencentDB for MongoDB; and
MySQL.
4. Purposes and Legal Basis
We will only use your personal data for the purposes and legal basis set out below:
Purpose | Legal Basis |
Provide our Features. We use data including Configuration Data, Diagnostic and Usage Data, Threat Intelligence Information, Authentication and Security Credential Information, User Contact and User Equipment Information to operate and provide you with the Features. | It is necessary for us to process this information in order to perform our contract with you, or to take steps at your request prior to entering a contract with you. |
Maintain your configuration settings. We use data including Configuration Data to maintain your configuration settings of the Features and deliver statistics to help you manage the Features. | It is necessary for us to process this information in order to perform our contract with you, or to take steps at your request prior to entering a contract with you. |
Troubleshooting. We use data including Configuration Data, Diagnostic and Usage Data, Threat Intelligence Information, Authentication and Security Credential Information, User Contact and User Equipment Information to monitor the Feature performance and quality, detect and identify errors, bugs or failures, analyze the reasons and troubleshoot such problems. | It is necessary for us to process this information in order to perform our contract with you, or to take steps at your request prior to entering a contract with you. |
Billing. We use data including Diagnostic and Usage Data to facilitate our billing process. | It is necessary for us to process this information in order to perform our contract with you, or to take steps at your request prior to entering a contract with you. |
5. How We Store and Share Personal Information
As specified in the Privacy Policy.
6. Data Retention
We will retain personal data in Section 3 for as long as it is necessary for the fulfilment of the purpose(s) as described in this Module and as required or authorized by applicable laws, to resolve disputes and to enforce our terms and conditions, other applicable terms of service, and our policies. The actual retention period can vary for different data categories, depending on the context of your interactions with us, your configuration set up and your use of the Feature.
For example, for most of the Configuration Data, we retain such data for as long as you use the Features to provide you with the Features and maintain your configuration settings in general.
For Diagnostic and Usage Data, we generally retain information such as vulnerability scanning engine, asset mapping engine operating data up to 7 days (exact number depends on the specific type of data) for the purpose of providing the Features to you.
For Threat Intelligence Information such as attack analysis, we generally retain such data up to 1 year to provide you with the Features. However, for some Features, we may retain such data for as long as the relevant account exists to provide you with the Features.
For most of the Authentication and Security Credential information such as the database IP address, account information, we retain such data for as long as the relevant account exists to provide you with the Features.
Other criteria used to determine the retention periods include:
a longer or shorter retention period is requested or determined by you;
such data is configured to be retained until we have provided the final penetration test report to you, and you have confirmed your use of the relevant Feature (for the relevant IP and domain provided by you) has completed; or
required or authorised by applicable law.
If you have any question or require additional information relating to the above (including where you require further or more specific information on how long we store your personal data), please refer to our Contact Information section in our Privacy Policy.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback