What technical and organizational measures does Tuya have in place to safeguard customer data security and privacy？

When Tuya's products and services collect personal data, they are guided by the following basic principles: clarity of purpose, choice of consent, data minimization, transparency, and security. Data security storage: Tuya IoT PaaS isolates corporate data to ensure the security of customer data. At the same time, Tuya IoT PaaS provides different data storage services for different business scenarios. Sensitive data of customers or end-users are stored with AES-256 encryption, some sensitive data are desensitized as necessary, and the keys are managed and distributed through the key management center for unified security. Data security processing: Tuya divides data into personal data, platform information data, and internal corporate data. Security requirements and countermeasures are implemented depending on data types. Strict data access control and approval mechanisms are adopted. Data filtering is used to enforce strict verification of data type, length, and format for all service entrances to ensure data integrity and non-contamination. For data destruction, Tuya adopts the underlying deletion mechanism of cloud services to permanently delete the data.