WhaTap Labs strictly complies with the latest “Personal Information Protection Act” and “Personal Information Safety Measures Standards,” and is doing its best to safely manage the entire personal information processing process from collection to destruction. Through this, personal information infringement incidents are prevented in advance and personal information is kept safe. Below, we will introduce in detail the 5 major inspection items that WhaTap Labs implements according to the personal information lifecycle.
One of the most important elements of privacy protection is keeping sensitive information safe from external disclosure or unlawful access. WhaTap Labs does not collect important personal information such as social security numbers, passport numbers, driver's license numbers, credit card numbers, account numbers, and biometric information. The collected personal information, such as name, email, and user phone number, is securely encrypted and stored using the AES-128 encryption algorithm.
In particular, authentication information such as passwords is stored using one-way encryption techniques that cannot be decrypted, and security is further enhanced by salting. This makes it difficult for hackers or external attackers to guess or restore passwords.
The cryptographic keys used for encryption are thoroughly managed through KMS (Key Management Service). KMS is a system that systematically manages the secure generation, storage, distribution, use, and destruction of cryptographic keys. The maximum usage period for the encryption key is set to 1 year, and when that period has elapsed, the encryption key is automatically discarded and replaced with a new encryption key. This maintains cryptographic key integrity.
The core of managing access rights to personal information is to limit access to personal information to the minimum extent necessary to perform work. WhaTap Labs grants differential access rights to each person in charge of processing all personal information, and minimizes the number of people who can access personal information. This blocks unnecessary access to information and prevents potential security incidents.
WhaTap Labs has introduced an electronic payment system and grants access rights only through this procedure, with each grant recorded. These records are kept for at least 3 years, and internal audits are carried out based on them. Also, if the person in charge leaves the company or there is a personnel change, such as a change in department, the existing authority is immediately deleted and the new authority is granted through the approval process.
In particular, the shared use of a single account by multiple people is strictly prohibited, and each personal information handler accesses the system through unique authentication. If a personal information accessor fails authentication 5 times or more, the system automatically blocks access to that account for 10 minutes.
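A minimal sketch of the lockout rule described above, as an added example rather than WhaTap Labs' own code. The 5-failure threshold and 10-minute block come from the text; counting consecutive failures, resetting on success, and all names (`LockoutTracker`, `handler-a`) are assumptions.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5        # from the policy above: 5 failed authentications
LOCK_SECONDS = 10 * 60  # from the policy above: 10-minute block

@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since last success/unlock
    locked_until: float = 0.0  # seconds; 0 means not locked

@dataclass
class LockoutTracker:
    accounts: dict = field(default_factory=dict)

    def attempt(self, account: str, password_ok: bool, now: float) -> str:
        """Return 'ok', 'denied' or 'locked' for one authentication attempt."""
        state = self.accounts.setdefault(account, AccountState())
        if now < state.locked_until:
            # Reject before looking at the credential, so a correct guess
            # made during the block window reveals nothing.
            return "locked"
        if state.locked_until:
            # Block has expired: start counting from zero again.
            state.failures, state.locked_until = 0, 0.0
        if password_ok:
            state.failures = 0  # assumption: a success clears the counter
            return "ok"
        state.failures += 1
        if state.failures >= MAX_FAILURES:
            state.locked_until = now + LOCK_SECONDS
            return "locked"
        return "denied"

def replay(events):
    """Run constructed (time, account, password_ok) events through the tracker."""
    tracker = LockoutTracker()
    return [tracker.attempt(acct, ok, t) for t, acct, ok in events]

# Constructed sample events: (seconds, account, whether the password matched).
SAMPLE_EVENTS = [
    (0, "handler-a", False), (5, "handler-a", False), (10, "handler-a", False),
    (15, "handler-a", False), (20, "handler-a", False),  # 5th failure -> lock
    (30, "handler-b", False), (40, "handler-b", True),   # separate account
    (60, "handler-a", True),                 # correct password, still blocked
    (20 + LOCK_SECONDS, "handler-a", True),  # block window is over
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

Because each handler has a unique account, the counter is kept per account, which is also why shared accounts would make such a record useless for audit.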
Controlling access to personal information processing systems is an important security procedure to prevent unauthorized disclosure or illegal access to personal information. WhaTap Labs applies strict access controls to all personal information processing systems and restricts access only to authorized users based on network information such as IP addresses. This proactively blocks unauthorized access from outside and enhances system security.
Access to all internal systems is possible only through a VPN, and the system cannot be accessed via any other route. The IP address connecting to the VPN is continuously monitored, and abnormal connection attempts that occur within the country or outside of the business trip area are also monitored.
In addition, further security procedures are required when accessing personal information processing systems from outside. For example, WhaTap Labs enforces various authentication methods such as security tokens and one-time passwords (OTP). This blocks illegal access attempts in advance and prevents unauthorized users from accessing the personal information processing system. Furthermore, access records are continuously monitored, and a system is in place to respond immediately when abnormal signs occur.
Access records for all personal information processing systems are kept for at least 1 year, and in the case of systems that process personal information of 50,000 or more people or include unique identification information and sensitive information, these records are kept for at least 2 years. WhaTap Labs thoroughly stores not only access records to personal information processing systems, but also access records to all systems, and checks whether there are any abnormal signs through regular inspections at least once a month.
WhaTap Labs works with various security devices to detect abnormal signs in the personal information processing system in real time and take preventive measures against security threats. All of these inspection results are recorded and stored as evidence, making it possible to respond quickly in the event of future security incidents. Furthermore, we are continuously carrying out inspections and improvements to prevent misuse, loss, theft, falsification, and damage of personal information in accordance with the standards required by relevant laws and regulations.
It is very important that personal data is destroyed so that it cannot be restored. WhaTap Labs completely destroys personal information so that it cannot be restored.
As soon as the legal period required to preserve personal data expires, we follow the procedure for destroying data. Personal information destroyed during this process is processed in a state where it cannot be recovered, thereby minimizing unnecessary retention of personal information and blocking the possibility of leakage incidents in advance. The personal information destruction procedure meets the standards required by the Personal Information Protection Act, and WhaTap Labs strictly complies with it to manage data safely.
WhaTap Labs strictly complies with the latest personal information protection laws and maintains the best security environment through continuous inspection and improvement at each stage of collection, storage, management, and destruction for the safe processing of personal information. Through these efforts, we protect customers' valuable personal information and provide reliable services to prevent incidents of infringement in advance. In addition, we continue to maintain CSAP, ISO-27001, 27017, and 27018, which are domestic and international security certifications, and we are improving security every year based on these.