Update date: October 15, 2025

Lingchuanfeng (Guizhou) Information Technology Co., Ltd. and its affiliates ("Baishan Cloud" or "we") take data security seriously. As a cloud service provider, Baishan Cloud strictly complies with data protection regulations including the Cybersecurity Law of the People's Republic of China and the Data Security Law of the People's Republic of China when delivering products and services. We provide customers with stable, secure cloud environments that effectively protect data. Guided by our commitment to comprehensive data protection, we strive to become a reliable, trustworthy, and continuously evolving cloud partner.

If you have any questions about this statement or other related matters, please contact us as follows. We will further provide you with information and explanations to meet your needs.

Email: legal@baishancloud.com

Service hotline: 400-178-8338

1. Definitions and definitions

1.1 Customer data: refers to the data processed, uploaded, downloaded, distributed or otherwise processed or stored in the Baishan Cloud server by customers due to the use of Baishan Cloud services, including but not limited to text, audio, video or images.

1.2 Exceptions: This statement does not apply to customer data that excludes personal information provided for account registration or new data generated during service use (e.g., user logs, security incidents, etc.) which cannot be self-managed. For details on processing such data—including collection, usage, storage, and sharing—please refer to the "BaiShan Cloud Privacy Policy".

2. Customer data control and roles

2.1 Customer data is controlled and managed by the client, who serves as the controller of such data. Unless otherwise specified by law or agreed upon by both parties, we will not access or use customer data. The client independently determines the ways for controlling their data. During service provision, we will only process data in accordance with strictly implemented client instructions.

2.2 Clients maintain full control over their data. They must accurately and comprehensively identify cloud-based data, select appropriate services, and establish security and data protection strategies to protect personal information. Customers should perform security configuration according to business and data protection requirements to ensure that the processing of customer data complies with the requirements of data protection laws and regulations.

2.3 In accordance with relevant national regulations and the Baishan Cloud Service Rules, customers may take security protection measures for their computer information systems, such as installing state-approved specialized products for computer information system security. Customers may also choose to manage their own encryption keys based on the encryption functions provided by us.

3. Customer data lifecycle

We strictly fulfill this statement and the relevant commitments we have made, and ensure the security of customer data through data security technology and security management measures throughout the life cycle of data such as use, storage and disclosure.

3.1 Use

3.1.1 We maintain our role as a fundamental support provider for clients and will not access or disclose client data except as otherwise specified in this statement. Through robust technical and physical controls, coupled with stringent internal management protocols, we implement comprehensive safeguards to prevent unauthorized access or disclosure of client data.

3.1.2 Customers manage their own access and usage permissions for data. We provide access, encryption, and logging features to help customers achieve this goal.

3.2 Storage

3.3 In order to provide you with services, the customer data generated or collected within the People's Republic of China will be stored on the servers of Baishan Cloud located in the Chinese mainland.

3.3.1 To ensure service security and stability, if customers use our cloud storage products, we will provide multi-replica storage and backup services. We may conduct irregular upgrades or migrations for Baishan Cloud's facilities, servers, bandwidth, databases, and other products. When significant changes occur (such as facility relocation), we will notify customers in advance.

3.3.2 According to the agreement between Baishan Cloud and the client, customer data will be retained until a reasonable period after service expiration or termination. Clients must complete data migration before the retention period expires. Upon expiration, except as otherwise provided by law, Baishan Cloud's service system will automatically delete all customer data and account information. No data can be restored after deletion.

3.4 Disclosure

Unless otherwise provided by law or required by state authorities, we will protect customer data in accordance with the law and will not disclose customer data without authorization.

4. Security of customer data

4.1 Leveraging extensive experience, Baishan Cloud has established a robust data security framework that complies with regulatory standards across multiple countries and industries. Through comprehensive information security management mechanisms, we deliver cloud services that earn client trust. We are continuously advancing the development of systematic data protection security plans to assist clients in establishing and implementing secure protection and control processes, thereby achieving comprehensive security safeguards.

4.2 Baishan Cloud provides customers with a variety of data protection technologies, including access control and identity authentication, data encryption, logging and auditing, and related enhanced technologies, as well as various services based on these technologies to help customers protect their data according to business needs. We will strive to take the following safeguards:

(1) Strict control measures shall be taken for the data retained on the Baishan Cloud Platform. In order to ensure data security, unified management shall be carried out for access, authentication, authorization, storage and audit;

(2) Implement role-based access control and permission management for operation and maintenance personnel, grant corresponding permissions according to job requirements and conduct regular monitoring to ensure that access permissions match job requirements;

(3) Conduct retrospective audit of the logs regularly and review the personnel's operation behavior to check the rationality and necessity of personal data operation;

(4) Conduct due diligence and data security capability assessment on the data processing service providers as required, and sign contracts with them to clarify the data protection obligations and applicable laws and regulations of the providers as processors/sub-processors, so as to ensure that the providers meet the data protection requirements of the customers;

(5) We maintain a dedicated professional team to fully address data protection requests. Upon receiving a request, we will complete processing within the stipulated timeframe and provide feedback to the client. In the event of a data breach, we will fully comply with legal obligations by promptly disclosing the incident and executing emergency response protocols and recovery procedures to minimize the impact on our clients.

4.3 We continuously strive to implement enhanced physical and technical safeguards while strengthening safety management to protect client data. When utilizing Baishan Cloud services, we provide encryption solutions for customer data during transmission and storage based on specific requirements, and support clients in managing their own encryption keys.

4.4 We have obtained information security management activities related to cloud distribution technical services ，including ISO27001 Information Security Management System, ISO9001 Quality Management System, ISO20000 IT Service Management System, ISO27701 Privacy Information Management System Compliance Evaluation, ISO22301 Business Continuity Management System, ISO27017 Cloud Service Information Security Management System, ISO27018 Personal Identifiable Information Security Management System, and ISO37301 Compliance Management System. Having completed the Ministry of Public Security's Information System Security Level Protection filing, we possess corresponding security capabilities.