New · HOT 100 RADAR 주간 예측 업데이트 Smart Link — Melon · Genie · Bugs · FLO · VIBE 자동 연결 RADIO RADAR · 1,345 stations 모니터링 Spotify RADAR · 73개국 일간 차트 Newsroom PR · 6개 언어 자동 번역 New · HOT 100 RADAR 주간 예측 업데이트 Smart Link — Melon · Genie · Bugs · FLO · VIBE 자동 연결 RADIO RADAR · 1,345 stations 모니터링 Spotify RADAR · 73개국 일간 차트 Newsroom PR · 6개 언어 자동 번역
Legal Center

Security

Last updated: 2026-06-22 (KST) · Effective: 2026-06-17

한국어
This document is provided in Korean and English. In case of any conflict, the English version prevails.

This Security Policy summarises the technical and organisational measures SOUND.RADAR, operated by TAEON Branding Agency Pte. Ltd., applies to protect personal data and Customer Content. It supports our Privacy Policy and DPA. No system is perfectly secure, but we work continuously to protect data.

1. Access and Authentication

  • Passwords are stored only as one-way hashes; we never see your plaintext password.
  • Two-factor authentication (TOTP) is available and recommended.
  • Role-based access control (owner / manager / editor / viewer) with granular permissions and artist-scope limits.
  • Internal access to Customer data is limited to what is necessary and is subject to audit logging.

2. Application and Data Security

  • Encryption in transit (HTTPS/TLS).
  • CSRF protection on state-changing requests; output escaping to mitigate XSS.
  • Parameterised database queries to mitigate SQL injection.
  • Upload validation (type and size limits, randomised filenames).
  • Signed payment webhooks (HMAC) and timestamp validation.
  • For public-page analytics, raw IP addresses are minimised or hashed; identifiers used for abuse/velocity prevention are hashed and short-lived.

3. Abuse and Fraud Prevention

  • Bot protection (e.g. Cloudflare Turnstile) on public forms.
  • Velocity/abuse detection and flagging of suspicious activity.
  • URL safety checks for links where enabled.

4. Operational Security

  • Audit logging of administrative and security-relevant actions.
  • Payments are handled by Stripe; we do not store full card numbers (PCI handled by Stripe).
  • We engage reputable sub-processors under data-protection obligations (see DPA Annex A).

5. Incident Response and Breach Notification

If we become aware of a security incident affecting personal data, we assess it without delay, take remedial steps, and notify the Singapore PDPC and affected individuals as described in our Privacy Policy (within 3 calendar days of determining a breach is notifiable), and assist controllers as required.

6. Your Role

Keep your credentials, API keys and 2FA device secure, use strong unique passwords, and report suspected vulnerabilities or incidents to contact@taeon.one.

© 2026 TAEON Branding Agency Pte. Ltd. · SOUND.RADAR · Legal Center · Home