Service Security

BreezySign, a product and service developed for PenPower Technology (PenPower Ltd.), utilizes PenPower's security mechanisms to protect user data. Please read the following information to understand the service security provided by PenPower:

Thank you for using the products and services provided by PenPower Technology. We deeply understand the importance of data security and privacy to you. We are committed to providing a reliable and secure cloud environment, applications, and services. The purpose of this page is to explain how PenPower protects user data security. PENPOWER performs ongoing and regular security checks, including monitoring suspicious activities in the infrastructure, assessing company data security risks, updating security models, and resolving security issues. Through these management processes, PenPower ensures that security controls can continuously meet the information security needs arising from the company's ongoing growth.

PenPower uses load balancing devices, firewalls, and VPNs to define network data, thereby controlling the services exposed by PenPower on the Internet and distinguishing between production environments and other computational infrastructures. We strictly control the infrastructure of the production environment and restrict data access to protect data and network security. The firewall used in applications and cloud configurations is an external firewall that intercepts communication ports and protocols, protecting the software from attacks and preventing the loss of important user data.

BreezySign accounts require a password of at least 8 characters in length. We recommend setting a complex password that is different from the passwords used for any other websites or online services. The password should include both letters and numbers. We never store your password in plain text format.

BreezySign uses multiple email domains, each with a different purpose, such as sending system notifications, communicating with users, or sharing marketing information.
● @breezysign.com
● @penpower.com.tw

PenPower conducts in-depth analysis and inspection of the functionality and code of systems or products for security and privacy. Before deploying to the production environment, we store the code in a Git version control repository and evaluate it in the testing environment. Our development team is responsible for improving the security of the code and regularly assessing our applications and services for common security issues, including CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking. Our services use OAuth to authenticate all third-party client applications. When you connect a third-party application to your account, the application does not require your login credentials. Once you successfully authorize PenPower's service, we provide client authorization credentials to verify your subsequent access permissions. This eliminates the need for third-party applications to store your account and password on their devices.

Unless you intentionally delete files or remove the application from your device without backing up, PenPower will retain files and their contents stored in the application. For information on how to delete files, please follow the instructions in the application: If you store files in BreezySign Cloud, files stored in the 500MB free cloud storage will continue to be retained in the cloud unless you intentionally delete the files or request PenPower customer service to delete your PenPower account. If you subscribe to PenPower's services and obtain cloud storage space based on the subscription plan, and you subsequently stop subscribing, PenPower may decide to delete or remove any or all files stored in BreezySign Cloud after the 60-day grace period following the expiration of the subscription. For information on the subscription expiration policy, please refer to our Terms of Service under the heading Subscription Expiration. If you wish to delete or disable your PenPower account,Terms of Service（Subscription Expiration）。 https://www.breezysign.com/contactus you can contact our customer service team through。Please note that once you delete your BreezySign account, files stored in BreezySign Cloud will be permanently deleted.

PenPower's servers are built on the Google Cloud Platform (GCP). GCP services are trusted by the industry and have detailed security measures. You can find more information in the following links:

● https://cloud.google.com/security/compliance/
● https://cloud.google.com/security/

We understand that the data stored in PenPower's services is private and confidential. We strictly control personnel who can access internal data to ensure the security and confidentiality of your data. Among PenPower's team members, only authorized developers are allowed to access the database. We only allow authorized developers to access data when resolving issues related to customers or optimizing system performance.

We store records of interactions between customers and us on the server side, including access to web servers or applications and activity logs through APIs. You can query the recent access time of various applications linked to your account through customer support.

PenPower collects and stores records of production environment servers to analyze and monitor the security status of the production environment's infrastructure. These records are stored in an isolated network and indexed.

All static or transmitted data in PenPower's encrypted servers is continuously protected. We use TLS v1.2 to protect data and use AES-256 to encrypt transmitted data. User passwords are processed through hash functions. We use the technology provided by the Google Cloud Platform (GCP) to ensure high protection of user data on the network.

We continuously back up user data on the GCP network, backing up all data every day. Backup data is encrypted and distributed to various locations and is retained for 30 days. We perform data recovery plans every day.

PenPower's systems and user data are set up on the GCP network and are tightly protected. Google data centers are built on high-standard technology, following industry best security practices, rigorously constructing physical security controls to prevent any system failures while maintaining data center recovery capabilities. For more information about GCP data centers, please refer to the following link:

https://cloud.google.com/security/compliance/

Please refer to our Privacy Policy for more information.

Service Security Update Date: March 9, 2023.