UlinkCMS Data Collection Policy
In accordance with the Cybersecurity Law and other relevant regulations, network operators (including websites, applications, etc.) are required to retain network log information for no less than 6 months. These logs should include basic information such as user activity records, access times, and IP addresses.
As per Order No. 82 of the Ministry of Public Security (Regulations on the Security Protection of Computer Information Networks Connected to the International Network), websites and online service providers must retain user-related network logs and cooperate with law enforcement investigations. The specific log information includes:
- User identity information (e.g., login name, phone number, etc.)
- User network activity information (e.g., browsing history, activity logs, etc.)
- Technical information such as IP address, port numbers, etc.
Data Collection
UlinkCMS will collect and store user online information as required by law, which includes but is not limited to:
- The user's IP address and Internet Service Provider (ISP) information.
- The request headers, request body, and query strings sent by the user.
- The exact time (down to the second) when a specific URL was accessed.
- Server responses to POST requests.
- Browser fingerprints (generated by UlinkCMS's custom algorithm designed to enhance account security).
For non-user requests (i.e., requests initiated by UlinkCMS's own scripts), these are considered preflight requests. The browser will automatically enforce same-origin policies to ensure the security of user data and the server.
Log Collection Triggers
- General Navigation Requests: If a user is logged in and requests a page through general navigation, UlinkCMS will record that user's request. If the same page is accessed multiple times within one hour, the request will not be recorded again.
- Non-GET Preflight Requests: If a user is logged in, UlinkCMS will record all information for non-GET requests, including the request type, request path, and timestamp.
- Unauthorized Page Access: If a user attempts to access a page they do not have permission to view, the system will automatically record that user's request.
- Non-Existent Pages: If a user requests a page that does not exist, UlinkCMS will not record that request.
Permanent Data Retention
UlinkCMS will permanently retain certain data to facilitate security reviews and audits. This ensures that any security incidents or irregularities can be thoroughly investigated. The data retained indefinitely will include but is not limited to:
- Critical user activities (e.g., login records, access to sensitive resources).
- Requests related to administrative access.
- Logs required for forensic analysis.
Access to Information
Only the website owner has the authority to independently access the detailed information collected by UlinkCMS. No other party can retrieve this data without permission or legal authorization.
This permanent data retention and access control are implemented in compliance with security protocols and are necessary for maintaining the integrity and safety of the platform.
© 2024 UlinkCMS. All rights reserved.