1.1 Standards of Compliance

The Signet system strictly complies with the issued information security standards (international standards, national standards) to help ensure that the system has a legal basis to meet the requirements for secure communication application serving specific customers with high-security requirements. There in:

• Comply international standards: Comply international standards for encryption, FIPS 140-3 cipher with modules, cryptographic algorithm, key generated. This standards are certified by The National Institute of Standards and Technology. Comply international standard for ISO/IEC 27001 Information Security management system.
• Comply national standards: Comply national standards ISO/IEC 27001:2009 on Digital Information Security Management. Respond requirements on level 4 according to Decree No.85/2016/ND-CP on assurance of information system security by level.

1.2 Core Principles

Signet's mission is to help organizations transform the method they use and build systems that protect high-value data, information, and goals. That's why Signet works diligently with the best experts in security and the most innovative teams in technology.
Other communication platforms store or exploit users' communication information and share them with regulators or third parties. Signet will not and never shares user’s contact information. In fact, Signet does not have access to any messages or communications which are created on the Signet platform due to an architecture that always puts the privacy and security of users first.

2. Privacy Policies

2.1 Access and Collect Information Authorities

Signet does not use any measure to track the content of messages, exchanges or any other method to monitor and collect data when using Signet. Signet complies with the principle of minimum authority in granting access to resources on the devices, ensuring the correct execution of flows and functions according to the allocated authority. Several policies on access and information collection when using Signet:

• Personal information provided by the user: include the following information: username, phone number and email provided to create and authenticate the account
• User-licensed access information: When using the Signet application, the user can authorize Signet to use the system’s APIs to access data on the device such as: (1) Write data applications to a memory card, (2) Read and write photo gallery, files, (3) Access to camera, microphone, (4) Permission to phone contact... All of them are performed by Signet with the user's agreement.
• Automatically Collected Information:

  - Device Information: information about device configuration, operating system, software version.

  - Used data for aggregation: We may collect metrics for basic operating statistics, collect application error logs to improve the application experience for users.

2.2 Data Storage Policies

• Data storage on the server: Signet server is designed with a intermediary role in the transmission of encrypted messages. With the security solution and the end-to-end encryption method. Signet ensures that only authorized users can access, decrypt message content, file stored on Signet server. These encrypted archives will expire and are automatically removed from the system according to the Data Storage Policies.
• Data storage on the user devices: All user messages are protected, stored in an encrypted database, all files are stored encrypted using AES-256 algorithm with separate keys. Users can customize the storage time for messages and files by changing the configuration on the application.

2.3 Using Third-party Services Policy

To upgrade the application, as well as bring users the highest value, Signet cooperates with a number of other service providers. These service providers do not have access to any of the user information described in this Privacy Policy. Signet always considers, selects and controls carefully service providers based on Signet's commitment to user’s privacy and security. The Signet security team meticulously verifies each component to make sure that Signet's privacy policies are always complied.

2.4 Security Information Commitment

Signet uses secure communication methods (HTTPS, TLS, SRTP), end-to-end data encryption (RSA-2048, AES-256) and stores encrypted data in all system communications. We commit all of the information which is provided by the user or Signet collected will not disclose to any party unless appropriately requested by the Competent Law Enforcement Authority.