DijiMai Global Privacy & Data Processing Policy

This Global Privacy & Data Processing Policy (the "Policy") governs the collection, processing, and utilization of personal data by DijiMai (the "Platform") in the provision of global electronic mail delivery, tracking, and EDI archiving services. The Platform is committed to upholding the principles and requirements of international data protection frameworks, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Japanese Act on the Protection of Personal Information (APPI), and other applicable global privacy laws.

1. Legal Basis and Specified Purposes of Processing

The Platform processes information strictly to the extent necessary for the performance of service contracts and for the following specified purposes:

Telecommunications and Routing Services: Execution of transmission, relaying, and delivery of electronic messages.

Neutral Third-Party Archiving (Subscription-Based): Providing a third-party archiving environment isolated from the sender's local infrastructure for clients who have opted for the "Audit Ledger Backup Service."

Communication Security and Forensic Preservation: Providing technical evidence to assist clients in identifying Man-in-the-Middle (MITM) attacks or Business Email Compromise (BEC), ensuring the non-repudiation of communications.

2. Data Minimization and Purpose Limitation

The Platform strictly implements the "Data Minimization" principle to mitigate privacy risks:

Prohibition of Non-Essential Utilization: The Platform pledges never to utilize client data (including recipient information, email content, and tracking metadata) for purposes other than delivery, auditing, and archiving. Data mining, advertising profiling, and the reselling of data to any third party are strictly prohibited.

Data Processor Status: Within the scope of this service, the Client acts as the Data Controller, and the Platform serves solely as the Data Processor. Unless mandated by a compulsory legal order, we shall not disclose any data under processing to external parties.

3. Encryption and Key Management Standards (Encryption & Key Custody)

For the "Audit Ledger Backup Service," the Platform implements the highest industry standards for security control:

Encryption at Rest: All archived copies are stored encrypted with a high-strength symmetric encryption algorithm (AES-256).

Key Custody and Security Commitment: As the secure custodian of encryption keys, the Platform makes the following commitments:

o Non-Disclosure Principle: Encryption keys are managed by the Platform's internal security systems and shall never be provided, transferred, or disclosed to any third-party organisation in any form.

o Strict Privilege Segregation: Access to system keys is restricted to automated secure environments. Any human intervention requires Multi-Factor Authentication (MFA) and is subject to comprehensive audit logging.

Integrity Verification: A SHA-256 digital fingerprint is generated for every transmission record to ensure that the data retains its integrity and remains unaltered from the moment of archiving.

4. International Data Transfer and Security Safeguards

The Platform leverages a globally distributed cloud infrastructure:

Compliance in Cross-Border Transfers: For data originating from regions with cross-border transfer restrictions (such as the EEA), the Platform ensures compliance with relevant legal requirements (e.g., through Standard Contractual Clauses, SCCs).

Substantively Equivalent Protection: We ensure consistent and substantively equivalent data security protection standards across all global service regions.

5. Data Subject Rights and Retention Policy

Exercise of Rights: The Platform respects the rights granted to data subjects by global jurisdictions, including access, rectification, erasure (the "Right to be Forgotten"), and restriction of processing.

Retention Period: Archived data is retained only for the audit period defined by the client's subscription. Upon service termination or a deletion request, the Platform employs physical or irreversible digital destruction techniques to purge the associated data.

6. Policy Updates and Contact Information

This Policy will be updated periodically in response to changes in international regulations. For inquiries regarding this Policy or data processing practices, please contact our Security & Compliance Team.

Contact Email: [security@dijimai.com] (Protected by Anti-Spam Measures)

Version: 2026.03.11-GlobalHome