Personal Data Protection Mechanism

To ensure that website visitors' personal data, such as the username, password, and mobile phone number, will not be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, DBSS controls access to the data and records logs for operations performed on the data.

Personal Data

Table 1 lists the personal data generated or collected by DBSS.

**Table 1** Personal data
Type	Collection Method	Can Be Modified	Mandatory
Username	Entered by users on the console login page.	No	Yes Usernames are used to identify users.
Email	Entered by users when configuring email notifications for database audit.	Yes	No

Storage Mode

Usernames are not sensitive data and stored in plaintext.
Emails are encrypted before storage.

Access Control

Only users having the DBSS System Administrator permission can configure email notifications. Users can view only their own emails.

Logging

All non-query operations on users' personal data, including creating and deleting instances, are recorded in audit logs by DBSS and uploaded to CTS. Users can only view their own audit logs.

Previous topic: Billing

Next topic: Permissions Management