Security and Compliance

We protect data confidentiality, integrity, and availability through internationally recognized certifications and compliance standards.

OUR SECURITY FRAMEWORK

How we protect your automation

Cloud Infrastructure

  • Hosted on Alibaba Cloud, China Level 3 CSP certified
  • Enhanced WAF + native DDoS protection on all endpoints
  • Production environments fully segregated across availability zones

Data Protection

  • Strict tenant data isolation — no cross-tenant data access
  • AES-256 encryption at rest; TLS 1.2+ in transit
  • All earlier TLS/SSL versions (TLS 1.0, 1.1, SSL) permanently disabled
  • API request logs retained for 180 days

Access Control & Audit

  • User passwords cryptographically hashed within all products
  • Double SHA-256 algorithm for RPA platform credential storage
  • Login credentials irreversibly hashed — cannot be decrypted in reverse

Secure Development Lifecycle

  • Static (SAST) and dynamic (DAST) security testing integrated in development
  • ISO/IEC 27001:2013 certified across all Core Platform and Cloud Platform products
  • Automated vulnerability scanning and penetration testing are essential during our development
COMPLIANCE & CERTIFICATIONS

Independently audited, globally trusted

Icon for ISO 14001
ISO 14001
Icon for ISO 20000
ISO 20000
Icon for ISO 9001
ISO 9001
Icon for CMMI5
CMMI5
Icon for SOC 2
SOC 2
Icon for ISO/IEC 27001
ISO/IEC 27001
Icon for GDPR Compliance
GDPR Compliance
Icon for Veracode Verified
Veracode Verified

Security FAQ

Does Laiye conform to information security standards?

Yes. Laiye has achieved ISO/IEC 27001:2013 Certification for all its Core Platform and Cloud Platform products, and complies with additional security standards and regulations.

Does Laiye share user data with third parties ?

Laiye does not share or access your data when you use Laiye products installed on premise.

Laiye has access to limited customer data when you use Laiye cloud products, which are kept within our ecosystem since we could completely control our in-house technology. However, if the solution involves a third-party application or platform, we will notify you before sharing your data.

For more information about how Laiye processes personal data used with Laiye products, please contact us.

Is data encrypted in Laiye clouds product?

Laiye encrypts customer data in transit and at rest. All customer data stored within Laiye cloud products and services is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2+ to protect it from unauthorized disclosure or modification. Customer data stored in Laiye cloud products and services is AES-256 encrypted at rest.

Is Transport Layer Security (TLS) always used for communications?

Yes, all Laiye Cloud systems only use TLS for communication. In line with Industry standards, we have disabled TLS 1.0, TLS 1.1, and all versions of SSL.

How are passwords for Laiye products stored ?

User passwords are cryptographically hashed within all Laiye products. Robot passwords are encrypted with AES-256 encryption. Laiye RPA platform uses a double SHA256 algorithm for hash storage of the user's username and password to ensure that they cannot be decrypted in the reverse direction.

How should I report if I find a vulnerability in one of your products ?

 Please let us know immediately by contacting us directly.

Have more questions?

Our  team is available to address any concerns about data protection, compliance, and platform security.