Our Commitment

Whether you’re a customer, partner, or part of our team, we understand how crucial it is to keep your information safe. We invest heavily in cutting-edge security technologies, rigorous privacy controls, and comprehensive compliance frameworks to ensure your data is protected at all times.

Privacy

We strictly follow global regulations like GDPR and CCPA to safeguard your personal data. Our privacy practices include data minimization, purpose limitation, and giving you full control over how your data is used, including access and deletion options.

Security

We use advanced measures such as end-to-end encryption, multi-factor authentication, and continuous threat detection to protect your data from unauthorized access and cyber threats. Standards like ISO 27001/27701 and SOC 1, 2 and 3 guide our security practices to ensure your data is always safe.

Compliance

Our compliance efforts meet a wide range of regulations and frameworks, including GDPR, HIPAA, and PCI-DSS, ensuring that your data is handled with the highest integrity. We conduct regular third-party audits and have strong governance mechanisms in place to stay compliant and build trust.

For us, trust isn’t just a priority — it’s the foundation of our relationship with every customer, partner, and employee. We understand that in today’s digital world, security and privacy are paramount. That’s why we invest heavily in cutting-edge technologies, maintain strict compliance with global standards, and ensure transparency at every step. Our mission is to provide you with the confidence that your data is safe with us, allowing you to focus on what matters most.

Max Liu, Founder & CEO | PingCAP

At TiDB, trust is at the core of everything we do. Protecting our customers’ data from possible attacks and ensuring security are the fundamentals of our core business and daily work. Our commitment to privacy and security extends beyond just complying with regulations—we strive to uphold the highest ethical standards in every interaction.

Darlene Cedres, Global Privacy Leader | PingCAP

Trust Hub FAQ

The Trust Hub is your central resource for learning about how TiDB protects your data, ensures privacy, and complies with industry regulations. It provides transparency into our security practices, compliance certifications, privacy policies, and more. Our goal is to give you peace of mind that your data is safe, secure, and managed responsibly.

We use industry-leading security measures to protect your data, including encryption, multi-factor authentication, and strict access controls. Data is encrypted both in transit and at rest, and our systems are continuously monitored for suspicious activity. We also conduct regular security audits and vulnerability assessments to ensure the highest levels of protection.

TiDB adheres to several globally recognized compliance standards and certifications to ensure data security and privacy, including:

  • SOC 1, SOC 2, and SOC 3
  • ISO/IEC 27001 for information security management
  • ISO/IEC 27701 for privacy information management
  • PCI-DSS for payment card data security
  • HIPAA as a Business Associate for handling healthcare data
  • GDPR compliance for EU residents
  • CCPA compliance for California residents

These certifications reflect our commitment to maintaining the highest security and privacy standards.

We are fully committed to complying with global privacy regulations, including the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), and other regional laws. Our privacy practices are designed to give you control over your data, allowing you to access, correct, delete, or limit the use of your information. For more details, please see our TiDB Privacy Notice.

SOC 2 (Service Organization Control 2) is a widely recognized standard for evaluating the security, availability, processing integrity, confidentiality, and privacy of systems. SOC 2 compliance demonstrates that TiDB has implemented strong controls to protect your data and ensure the reliability of our services. We undergo regular independent audits to verify our adherence to these standards.

We comply with the Payment Card Industry Data Security Standard (“PCI-DSS”) to ensure the secure handling of payment card information. This includes encrypting payment data, using secure payment processing systems, and implementing strict access controls to prevent unauthorized access.

You have the right to access or request deletion of your personal data in accordance with privacy regulations like GDPR and CCPA. To submit a request, please contact our compliance team at privacy@pingcap.com. We will respond to your request within the timeframe required by applicable law.

Encryption is a method of converting your data into a code to prevent unauthorized access. We use encryption to protect data both while it is being transmitted over the internet (in transit) and when it is stored on our servers (at rest). This ensures that your information remains confidential and secure, even if intercepted.

We adhere to data sovereignty principles, ensuring that data is stored and processed within the legal jurisdiction of the relevant region. We offer dedicated regional cloud instances that allow for on-soil processing, which means that your data remains within the borders of the country or region where you are based, in compliance with local data protection laws.

As a HIPAA Business Associate, TiDB is responsible for ensuring the security and privacy of Protected Health Information (“PHI”). We comply with HIPAA requirements for Business Associates, including encryption, access controls, and security monitoring, to protect healthcare data in accordance with U.S. regulations. We also maintain Business Associate Agreements (“BAAs”) with our healthcare partners to ensure compliance.

If you have any concerns or questions about data security, privacy, or compliance, please feel free to contact our compliance team at privacy@pingcap.com. We are here to help and will address your inquiries promptly.