Infrastructure
Medcon's servers and data centers operate on the globally recognized, high-security cloud infrastructure provided by Amazon Web Services (AWS).
AWS follow General Data Protection Regulation (GDRP), which can protect the basic privacy rights and personal data of European Union (EU) individuals.
Infrastructure is secured using the best practices:
- Firewall Protection
- Intrusion Detection System (IDS) protection
- DDoS Protection
- Web Application Firewall
- Malware and Antivirus protection at the server level
Databases are backed up in every 24 hours to minimize the impact of an unlikely critical failure.
Secured Hosting Environment
ISO/IEC 27001:2022
GB/T 19001-2016/IS0 9001:2015
Secure payment processor complies with PCI DSS and PCI 3D Secure
Information system security level-3 protection certificate, comprehensively ensures the financial security, information security, and data security of customers
Enterprise Credit Evaluation Certificate(3A)
Images, files, and videos stored in OSS are scanned for content security 24 hours a day
Data Encryption
All data in transmission is fortified by the industry-standard SSL encryption, ensuring that all network-server connections are impervious to unauthorized access.
Any sensitive information you provide to us, such as personal details or payment data, is encrypted before it is transmitted over the internet.
Medcon's SSL certificate undergoes annual renewal to ensure its continued validity.
Web and Mobile App Development and Distribution
Medcon’s products are all independently developed and owns 30+ software copyright certificates and 7+ product design patent certificates.
Our developers conduct regular security reviews.
All systems are scanned regularly for common security vulnerabilities.
No credit card information is permitted to be stored on any mobile device.
All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house product team.
Our Organization
All Medon’s product and engineer personnel are required to attend the security training sessions.
More than 3 product managers have obtained the title of the Certified Information Security Professional (CISP).
All employees are required to sign written acknowledgments for their roles and responsibilities in protecting user data and privacy.
Incident Response
In the event of a breach of a Medcon information system, we have a detailed Incident Response plan in place.
Medcon has 24x7 monitoring of its security systems and alerts.
Responsible Disclosure
Medcon is committed to integrating security best practices into every aspect of development. If you come across any vulnerabilities, please contact medcon@126.com
