Data security is Elven's lifeline.

We protect the security of user data from three perspectives: regulations, permissions, and technology, ensuring comprehensive protection.


We have successfully achieved rigorous SOC2 certification and maintain ongoing compliance audits

Security Policies:

In strict accordance with SOC2 standards, our employees have undergone training and have attested to 21 security policies. They have actively participated in 17 security-related project initiatives, which encompass, but are not limited to:

  • Risk awareness training sessions
  • Third-party service usage standard training
  • Privacy protection training
  • Remote work and personal device usage rule training
  • Data management project development training
  • Endpoint security system development
  • Cloud service security system development
  • Risk assessment and control system development

Security Audits:

We undergo annual data security audits conducted by authoritative agencies.

Penetration Testing:

We regularly engage professional teams to conduct penetration testing on our systems.


Users have absolute control over their own data

Management Permissions:

Administrators can authorize members, deciding who can view and edit specific data.

Activity Logs:

User actions are recorded, capturing login, browsing, and modification activities. Critical pages display watermarks with user IDs.

Data Deletion:

Users can easily delete their data, and Elven retains no backups. Rest assured, your data is entirely under your control.


Encryption for Data Transmission and Multi-Location Data Storage

Data Storage Infrastructure:

  • Files are securely stored using S3 encryption and a dual-storage architecture of multi-master and slave databases.
  • Multi-cloud, multi-region backup strategy is implemented to ensure data redundancy.
  • Critical sensitive data is stored using dynamic data masking, preventing internal and external data leaks.
  • We are actively implementing homomorphic encryption to ensure end-to-end data security for our customers.

Web Platform:

  • Enterprise-level HTTPS encryption secures communications across the entire domain.
  • Full integration with Cloudflare safeguards against DDoS attacks and malicious scraping attempts.
  • JWT protocol is employed to encrypt transmission for all API calls, preventing tampering and impersonation.
  • User behavior fingerprinting and operation tracing are applied, preventing multiple logins and enabling behavior-based notifications.
  • Flexible and configurable anomaly detection alerts and service degradation mechanisms are in place.

Development and Operations:

  • Strict control of permissions in code repositories.
  • Passwords are never stored in plaintext within the codebase, thanks to the use of Key Management Service (KMS).
  • Using the jump server mechanism ensures that the maintenance of all production machines is not exposed to the public network.
  • Ownership and access to production machines are rigorously controlled.