Information Security Policy

The purpose of this Information Security Policy (ISP) is to establish a comprehensive security framework to protect all information assets, particularly TikTok USDS data, managed by WFJ Global LLC. As an officially authorized TikTok partner, we are committed to providing professional services including API integration, digital advertising, and automated order management while maintaining the highest levels of data confidentiality, integrity, and availability.

This policy applies to all personnel, infrastructure, and operations managed through our Los Angeles headquarters.

WFJ Global LLC maintains a strict Data Classification Policy to ensure data is protected based on its sensitivity:

• Restricted (TikTok USDS Data): All sensitive merchant, order, and customer data accessed via TikTok Shop APIs.
• Confidential: Internal business strategies, financial records, and private software code.
• Internal: General corporate communications and non-sensitive operational data.
• Public: Information intended for public consumption on official websites.

We implement industry-standard encryption protocols to protect data throughout its lifecycle:

• Encryption At-Rest: All restricted TikTok data is stored within our US-based cloud infrastructure (AWS) using AES-256 encryption.
• Encryption In-Transit: All data communications between our servers and TikTok APIs are secured via TLS 1.2 or higher to prevent unauthorized interception.

WFJ Global LLC enforces the Principle of Least Privilege (PoLP):

• Authorized Access: Access to TikTok USDS data is restricted to a dedicated team of authorized technical personnel based in our Los Angeles office for system maintenance and seller support.
• Authentication: Mandatory Multi-Factor Authentication (MFA) is required for all administrative access and developer environments.
• Auditing: All access logs are recorded and audited quarterly to ensure compliance and detect unauthorized activities.

• Network Segregation: We utilize Virtual Private Clouds (VPC) to isolate our production environments from development and testing stages.
• Threat Prevention: We implement advanced firewalls and Intrusion Detection Systems (IDS) to monitor and mitigate network threats in real-time.
• Endpoint Security: All corporate devices in the Los Angeles office are equipped with enterprise-grade anti-virus and Endpoint Detection and Response (EDR) software.

WFJ Global LLC maintains a documented IRP with clarified roles and responsibilities:

• Identification: Automated monitoring tools provide 24/7 surveillance for security anomalies.
• Notification: In the event of a verified or suspected data breach, we will notify TikTok and affected sellers within 24 to 72 hours.
• Recovery: Procedures are in place to isolate affected systems and restore services from secure backups.

• Data Minimization: We only collect data necessary for the authorized scope of services.
• Secure Deletion: Upon termination of the service relationship or user request, all associated TikTok customer data will be permanently deleted using industry-standard data sanitization methods.

Our operational processes are aligned with ISO27001 and SOC2 Type 2 frameworks. We conduct regular internal security assessments to ensure continued compliance with evolving data protection regulations, including CCPA.