EZVIZ implements multi-layered methods to ensure that your device communicates encrypted data and performs firmware upgrades safely, while maintaining a secure operating system.
Every layer of data – from the EZVIZ cloud to the app and the connected device – is fully encrypted from end to end with AES encryption and TLS encryption protocols.
The user is the only owner of their information throughout the data lifecycle. EZVIZ requires complex, multi-step authentications to make sure only the user has access to their account and device data.
We do our best to provide continuous protection for our products through necessary security updates within the support period. These updates include bug fixes and new security features based on user feedback and industry best practices.
Each device downloads the upgrade package from the server with a strict two-way authentication mechanism, and the transmission channel of the firmware package uses the industry-recognized, secure HTTPS transmission channel.
After downloading the update package, the device will first perform a firmware integrity check to avoid updating a firmware package that has been maliciously tampered with or implanted with viruses.
The updated firmware of the device is reinforced with secure encryption algorithms to ensure that the firmware is encrypted during transmission.
EZVIZ devices follow the principle of minimizing the number of open ports, keeping only the functional ports open that are needed by the business to maintain the use of basic functions, and the non-business ports are all closed.
EZVIZ devices have joined the stack protection mechanism, which can effectively prevent the occurrence of buffer overflow or other problems that cause the device to crash and become unusable.
All ports and protocols open on the device must be authenticated and verified prior to interaction, and no data messages will be received if they have not passed authentication or verification. All external input parameters received by the device are subjected to data validation and data filtering, which can effectively prevent buffer overflow, stack overrun and other problems.
All ports and protocols that interact with the device for authentication or certification are equipped with protection measures against brute force attacks that effectively prevent attackers from bypassing the authentication and verification of the device using enumeration techniques.
EZVIZ develops a reliable, disaster-tolerant infrastructure, and applies strict network and storage security principles to protect users' data to the highest degree.
To ensure smooth, secure and continuous use of EZVIZ products and services for our global users, EZVIZ has developed a network of globally distributed cloud servers by flexibly deploying data and systems in different data centers and regions to meet local laws and regulations, as well as the company's disaster tolerance requirements.
We partner with market-leading service providers including Amazon Web Services (AWS) and Alibaba Cloud to ensure your data is protected by the best of the best in the industry.
Strict access controls: EZVIZ follows the principle of least privilege (POLP) to prevent unauthorized access to data.
Network segregation: EZVIZ uses multiple physical and logical isolation methods to achieve access control and boundary protection for the internal office network, development network, test network, production network and more.
Protection against intrusions: Our anti-attack system protects your data from threats caused by DDoS, bots or false identities, and grants access to only authorized visitors.
Multi-copy redundancy: EZVIZ adopts a distributed architecture – all servers are deployed simultaneously in multiple server rooms in different locations within the same city. Our database and data storage services use a multi-copy mode that guarantees at least two real-time copies and real-time data backup. This ensures the high reliability and availability of data and services on a physical level.
Storage encryption: EZVIZ provides different data storage services for different business scenarios, while using AES encryption to store sensitive data of customers or users. Sensitive data also undergo necessary desensitization treatment. At the same time, the keys are uniformly managed and distributed via the key management center for enhanced security.
EZVIZ designs its data system against disruptions, by using methods of real-time hot backup of master-slave data, redundant storage and multi-site backup. When incidents do occur, the impact on users and services can be as minimal as possible. The backup status is also monitored and verified in real time. At the same time, a multi-link backup system is implemented for the business system to ensure fast switchover in the event of an emergency.
Our products are private by design and supported by privacy enhancing technologies and flexible privacy control features.
We are committed to being transparent in our handling of data. For the EZVIZ websites and the EZVIZ App, we update and publish their privacy policies regularly, and inform users with clear texts when you register EZVIZ accounts or choose to enable privacy-associated features.
We design camera products with built-in privacy features and develop useful, easy-to-use control options and user settings. You can use these to feel secure when using EZVIZ products in private areas, customize your privacy preferences and manage your data confidently.