> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zgi.cn/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Compliance

> ZGI security architecture and compliance certifications

## Security Architecture

* **Transport Encryption** — All API requests are transmitted encrypted via TLS 1.3

* **Storage Encryption** — Knowledge base data and vectors are encrypted using AES-256

* **Data Isolation** — Multi-tenants are strictly isolated, and workspace data is invisible to each other.

* **Key Management** — API Key is stored encrypted using AES-GCM, and the front end only displays the mask

* **Operation Audit** — All administrator operations are fully recorded and cannot be tampered with

## Compliance Certification

| Certification      | Status            | Description                                |
| ------------------ | ----------------- | ------------------------------------------ |
| SOC 2 Type II      | Certified         | Security, Availability, Privacy Audit      |
| GDPR               | Certified         | EU Data Protection Compliance              |
| HIPAA              | In preparation    | Medical Data Compliance                    |
| Level 3 protection | Under preparation | Domestic network security level protection |

## Data residency

| Deployment method     | Data location                                 | Network boundaries                           |
| --------------------- | --------------------------------------------- | -------------------------------------------- |
| Cloud SaaS            | ZGI Cloud Infrastructure (AES-256 encryption) | TLS 1.3 encrypted transmission               |
| Privatized deployment | Corporate intranet                            | Data does not leave the intranet at all      |
| Hybrid architecture   | Core data local, computing cloud              | Flexible configuration according to workload |
