Security 安全保护


Security is central to the work we do at OpenDaily.

Here’s a note on how we handle the data we’re entrusted with. Please don’t hesitate to reach out to us with any questions.


Data in transit

OpenDaily uses 256-bit TLS encryption so that as you share data back and forth with DailyOpen, your transmissions are secure — this is the same level of encryption used by banks and all other processors of highly-sensitive data.


Data at rest

All OpenDaily data is stored using several layers of encryption. Stored data is split into chunks, with each chunk encrypted by a unique data encryption key. These keys are stored with the data, wrapped by further encryption keys which are stored in specific and highly secured-service which is redundant and globally distributed. All OpenDaily data is encrypted using either AES256 or AES128.



OpenDaily never touches sensitive credit-card data, either for our paying customers or for our invoice payment features. Though OpenDaily presents forms for credit card entry seamlessly using partners, all credit card information is handled entirely by the service you choose — FPX, Billplz, PayPal, etc. — which maintain the highest level of PCI-DSS compliance.


Security testing

We regularly test for vulnerabilities using both internal and external resources. Any potential security vulnerabilities we find are escalated for immediate investigation and take priority over all other engineering tasks.


Physical data center security

The data centers used by OpenDaily feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.

The data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs and activity records are reviewed in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training.


Data loss prevention

We keep regular backups of our data. Though we’ve never suffered a data loss event, backups are kept on a rolling basis and destroyed at a later time according to our data retention policy.