
Security and Compliance
We protect data confidentiality, integrity, and availability through internationally recognized certifications and compliance standards.
How we protect your automation
Cloud Infrastructure
- Hosted on Alibaba Cloud, China Level 3 CSP certified
- Enhanced WAF + native DDoS protection on all endpoints
- Production environments fully segregated across availability zones
Data Protection
- Strict tenant data isolation — no cross-tenant data access
- AES-256 encryption at rest; TLS 1.2+ in transit
- All earlier TLS/SSL versions (TLS 1.0, 1.1, SSL) permanently disabled
- API request logs retained for 180 days
Access Control & Audit
- User passwords cryptographically hashed within all products
- Double SHA-256 algorithm for RPA platform credential storage
- Login credentials irreversibly hashed — cannot be decrypted in reverse
Secure Development Lifecycle
- Static (SAST) and dynamic (DAST) security testing integrated in development
- ISO/IEC 27001:2013 certified across all Core Platform and Cloud Platform products
- Automated vulnerability scanning and penetration testing are essential during our development
Independently audited, globally trusted
Security FAQ
Yes. Laiye has achieved ISO/IEC 27001:2013 Certification for all its Core Platform and Cloud Platform products, and complies with additional security standards and regulations.
Laiye does not share or access your data when you use Laiye products installed on premise.
Laiye has access to limited customer data when you use Laiye cloud products, which are kept within our ecosystem since we could completely control our in-house technology. However, if the solution involves a third-party application or platform, we will notify you before sharing your data.
For more information about how Laiye processes personal data used with Laiye products, please contact us.
Laiye encrypts customer data in transit and at rest. All customer data stored within Laiye cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ to protect it from unauthorized disclosure or modification. Customer data stored in Laiye cloud products and services is AES-256 encrypted at rest.
Yes, all Laiye Cloud systems only use TLS for communication. In line with Industry standards, we have disabled TLS 1.0, TLS 1.1, and all versions of SSL.
User passwords are cryptographically hashed within all Laiye products. Robot passwords are encrypted with AES-256 encryption. Laiye RPA platform uses a double SHA256 algorithm for hash storage of the user's username and password to ensure that they cannot be decrypted in the reverse direction.
Please let us know immediately by contacting us directly.