Retention Period

In order for you to use the diversified products and services of Baidu AI Cloud and effectively handle possible disputes, in addition to meeting the mandatory requirements of the Cybersecurity Law for data retention, we will save your personal information during your use of the products and services of Baidu AI Cloud and before the expiration of the statute of limitations for related behaviors. After the above period expires, we will delete or anonymize your information (namely, we will process your personal information so that your identity cannot be recognized by any third party).

In case a product or service of Baidu AI Cloud stops operating, we will take reasonable measures to protect the security of your user information, including stopping collecting your user information in time, and deleting or anonymizing your information according to the rules above; the notice on stopping operation will be delivered to each user or announced to all users.

Territory of Information Retention

Your personal information is stored in the People's Republic of China.

If some products or services involve cross-border affairs and we need to transmit your personal information outside the People's Republic of China, after obtaining your authorization and consent, your personal information may be transferred to or accessed from overseas jurisdictions; in addition, if it is necessary to transmit your personal information outside the People's Republic of China due to government supervision, judicial assistance requirements, and similar causes, we will inform you of the data type, as well as the purpose, recipients and relevant security measures of the cross-border transmission. During such transmission, we will help ensure that you always enjoy data rights and data protection through compliant mechanisms (such as contracts) in accordance with this privacy policy and applicable laws and standards in the destinations of data transmission.

If the overseas jurisdiction has different data protection laws or no relevant laws, we will try our best to ensure that your personal information equally protected as in the People's Republic of China. For example, de-identification of data and other security measures before cross-border data transfer.

Security Measures

We collect, use, store and transmit user information according to the mature security standards and specifications in the industry, and inform you of the purpose and scope for the use of relevant information through user agreements and privacy policies.

We attach great importance to information security. We have a dedicated team responsible for the development and application of a variety of security technologies and procedures, etc. We will conduct security background checks on personnel responsible for security management and other key security positions, and we have established a sound information security management system, an internal security incident handling mechanism and other required systems. We will take reasonable and feasible security measures and technical means in line with industry standards to store and protect your personal information, so as to prevent it from loss, unauthorized access, public disclosure, use, modification, damage, or leakage. We will take all reasonable and feasible measures to protect your personal information. We will use encryption technologies to ensure the confidentiality of data; we will adopt a trusted protection mechanism to protect the data from malicious attacks.

We will regularly train and assess our employees on the awareness and capabilities of data security to enhance their awareness of the importance of personal information protection. We have deployed an access control mechanism to carry out identity authentication and access control for employees who handle personal information; we will sign confidentiality agreements with employees and partners when need to access your personal information and clarify responsibilities and code of conduct, so as to ensure that only authorized personnel have access to your personal information. Anyone who with any breach of the confidentiality agreement will be investigated for relevant responsibilities.

Please note that the Internet is not an absolutely secure environment. When you exchange information with other users through e-mail, SMS, etc., it cannot be sure that the transmission of information by any third-party software is completely encrypted. Please ensure the security of your personal information. We suggest that you don’t send your personal information in any of the above ways to avoid disclosure of your personal information. Please use complex passwords to help us ensure the security of your account and personal information.

Please also understand that even if we try our best to strengthen security measures, it is impossible to always ensure 100% security of information in the Internet industry due to the limitation and rapid development of technology and various possible malicious attacks. Please understand that the systems and communication networks you use when using our products and/or services may have security problems in areas beyond our control.

According to our security management system, an incident of personal information leakage, damage or loss is listed as a most serious security incident. Once it happens, we will launch the company's highest-level emergency plan to handle it by a joint emergency response team composed of various departments such as the [Security Department, the Government Relations Department and the Legal Department].

Notification of Security Incidents

1. We will formulate contingency plans for cybersecurity incidents to handle security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions in a timely manner. When an incident endangering cybersecurity occurs, we will immediately launch the contingency plans, take corresponding remedial measures, and report it to the relevant competent authorities according to relevant regulations.
2. The leakage, damage and loss of personal information are serious security incidents at the corporate level. We will regularly organize members of the working group to conduct security plan drills to prevent such safety incidents from happening. In such an incident occurs, we will launch the contingency plan at the top priority, and form an emergency response team composed of multiple departments, such as the Security Department, the Government Relations Department, and the Legal Department, to trace the causes and minimize the losses in the shortest time.
3. In case of a security incident of personal information, we will inform you of the basic information and possible impact of the security incident, the countermeasures we have taken or will take, suggestions on risks that you can prevent and minimize independently, and remedial measures for you in a timely manner. We will inform you of the relevant information about the incident in a timely manner through the contact information you’ve provided, such as in-site notification, SMS notification, telephone and email. If it is difficult to inform users one by one, we will make an announcement in a reasonable and effective way. At the same time, we will take the initiative to report the handling of the security incident of personal information as required by the regulatory authorities.