Data Protection Commitments

This document is OKAXI’s formal technical commitment for Enterprise partners: how we design our data processing workflow, our data-isolation architecture, and the proactive security measures that protect operational data across the entire engagement lifecycle.

1. Regulatory Alignment

OKAXI designs its data processing workflow in alignment with international information-security regulations and governance frameworks, including the EU General Data Protection Regulation (GDPR, with particular attention to Articles 5, 25 and 32 covering lawfulness, privacy-by-design and security of processing), the Vietnam Cybersecurity Law 2018, the Vietnam Network Information Security Law 2018, and Decree 13/2023/ND-CP on personal data protection. We do not at present claim certification under ISO/IEC 27001 or SOC 2 Type II; however, the control, logging and access-restriction principles applied to every project reference these standards directly, so that a formal certification roadmap can be followed once business scale and client requirements call for it.

2. Data Isolation Architecture

Each Enterprise engagement is provisioned with an isolated working space at the cloud-infrastructure layer, with Access Control Lists established under the least-privilege principle from day one: only team members directly assigned to the project are granted read access, and the scope of access is reviewed periodically. Data belonging to different clients is never held in a shared database schema, document storage directory, or internal collaboration channel. When a team member rotates off a project, access is revoked within 24 working hours and any associated system credentials are rotated immediately in accordance with our offboarding procedure.

3. Encryption In Transit and At Rest

All data exchanged between OKAXI and partners, including business email channels, project management tooling, source code repositories and internal platforms, is encrypted using TLS 1.2 or higher in transit, with forward secrecy enabled by default. Data stored in OKAXI cloud infrastructure is encrypted at the storage layer using AES-256 (server-side encryption), and application-level secrets (API keys, third-party integration tokens, database connection strings) are managed through a dedicated secret-vault system. All secret access is fully logged and periodically reviewed; no team member, including management, has the ability to read raw secret values directly from any administrative console.

4. No Public Storage Without ACL

OKAXI strictly does not store sensitive client information, including business documentation, internal source code, personal data or credentials, on public-access storage that lacks proper authorisation controls. Uploading any client data file to a publicly configured cloud storage bucket, a public Git repository, a public Pastebin or similar platform is forbidden by hard technical policy and by automated review steps in our CI/CD pipeline. When large data sets need to be shared with partners, we use short-lived signed URLs (maximum 48-hour lifetime) or authenticated enterprise sharing channels, never an unrestricted public link.

5. Incident Response and Notification

OKAXI maintains an internal information-security incident response workflow covering detection, containment, remediation, root-cause analysis and lessons learned. In the event of an incident affecting client data, we commit to notifying the partner’s designated point of contact within 72 hours of incident confirmation, together with an assessment of the impact scope, the remediation steps already taken, and a plan to prevent recurrence. Questions regarding our data protection policy, security audits or requests for a Data Processing Agreement (DPA) can be sent to info@okaxi.com with a subject line prefixed "[Data Protection]" so that OKAXI management can prioritise the matter.