Security

Last Updated: June 23, 2026

1. Infrastructure Security

1.1 Cloud Infrastructure

Bigjpg is deployed on secure cloud infrastructure with industry-standard physical and network security controls. Our infrastructure providers maintain certifications including ISO 27001, SOC 2, and other applicable security standards.

1.2 Network Security

• All network traffic is encrypted in transit using TLS/HTTPS
• Access to production systems is restricted through firewall rules and network segmentation
• Internal services communicate over encrypted channels
• DDoS protection and rate limiting are implemented at the network level
• Regular vulnerability scanning is conducted on our infrastructure

1.3 Access Control

• Production system access is limited to authorized personnel only
• Multi-factor authentication (MFA) is required for administrative access
• Access is granted on a least-privilege principle
• All access to production systems is logged and audited
• Access credentials are rotated regularly

2. Application Security

2.1 Secure Development

• Security reviews are conducted as part of the development lifecycle
• Code changes are reviewed before deployment to production
• Dependencies are regularly updated and monitored for known vulnerabilities
• Security best practices are followed for authentication, authorization, and data handling

2.2 Authentication

• User passwords are hashed and salted using industry-standard algorithms
• Session management follows security best practices
• Account recovery processes include identity verification steps
• Users are encouraged to use strong, unique passwords

2.3 API Security

• API endpoints require authentication where applicable
• Rate limiting is applied to prevent abuse
• Input validation and sanitization are performed on all API inputs
• API responses are carefully structured to avoid information leakage

3. Data Security

3.1 Encryption

3.2 Image Storage and Deletion

Uploaded images are our most sensitive data asset. We implement the following measures:

• Images are stored securely with restricted access
• Automatic deletion after the retention period (24 hours for free users, 72 hours for paid users)
• Deleted images are permanently removed from active storage systems
• Uploaded images are not publicly accessible
• Unique, non-guessable identifiers are used for stored images
• Automated content scanning: Our backend storage on Alibaba Cloud OSS is scanned periodically by Alibaba Cloud Content Moderation Service for NSFW and prohibited content, with flagged content being automatically removed

3.3 Payment Data

Bigjpg does not directly store payment card information. All payments are processed by PCI DSS-compliant third-party payment processors who are responsible for the security of payment data.

4. Monitoring and Incident Response

4.1 Monitoring

• System logs are monitored for suspicious activity
• Anomaly detection is applied to identify unusual patterns
• Service availability is continuously monitored
• Security events are logged and retained for investigation purposes

4.2 Incident Response

Bigjpg maintains an incident response process to address security events:

1. Detection: Security events are identified through monitoring, reports, or automated alerts
2. Assessment: The nature and severity of the event are evaluated
3. Containment: Immediate steps are taken to limit the impact of the event
4. Investigation: A thorough investigation is conducted to determine the root cause
5. Remediation: Corrective actions are implemented to prevent recurrence
6. Notification: Affected users and relevant authorities are notified where legally required

4.3 Breach Notification

In the event of a security breach involving user data, Bigjpg will:

• Notify affected users in accordance with applicable data protection laws
• Notify relevant regulatory authorities as required (e.g., data protection authorities)
• Provide clear information about the nature of the breach and steps taken
• Offer guidance to affected users on protective measures they can take

5. User Account Security

Users play an important role in maintaining account security. We encourage users to:

• Use strong, unique passwords for their Bigjpg account
• Keep their account email address up to date
• Log out of their account on shared or public devices
• Contact us immediately if they suspect unauthorized account access
• Be cautious of phishing attempts冒充 Bigjpg

If you believe your account has been compromised, please contact us immediately at:

Email: i@bigjpg.com

6. Vulnerability Disclosure

Bigjpg welcomes responsible disclosure of security vulnerabilities. If you discover a security issue in our platform, please report it to us:

Email: i@bigjpg.com

Subject line: Security Vulnerability Report

We request that security researchers:

• Provide sufficient detail to allow us to reproduce and address the issue
• Allow us a reasonable timeframe to address the issue before public disclosure
• Avoid accessing or modifying other users' data during research
• Act in good faith to improve platform security

We aim to acknowledge vulnerability reports promptly and keep researchers informed of our progress in addressing reported issues.

7. Third-Party Security

Bigjpg engages third-party service providers for certain functions, including:

• Cloud infrastructure and hosting
• Payment processing
• Content delivery network (CDN) services
• Analytics services

We evaluate third-party providers for their security practices and contractually require them to maintain appropriate security safeguards. However, the security practices of third-party providers are ultimately governed by their own policies and procedures.

8. Compliance

Bigjpg's security practices are designed to align with:

• Applicable data protection regulations (GDPR, CCPA/CPRA, etc.)
• Industry security best practices
• Contractual security obligations with partners and payment providers

9. Contact

For security-related inquiries, including vulnerability reports and security incident notifications, please contact:

© 2026 Bigjpg. All rights reserved.