Data Security and Compliance
Learn about the data processing scope, data flows, cross-border data transfer scenarios, and compliance requirements of STAROps.
Data Processing Scope
As an intelligent operations platform, STAROps retrieves observability data (metrics, logs, and traces) through Alibaba Cloud product APIs for analysis and diagnostics. The following table describes how STAROps processes different types of data.
|
Data Type |
Processing Method |
Storage Location |
|
Cloud product observability data (metrics, logs, and traces) |
Queried in real time via API. Raw data is not copied or retained. |
Remains in the original region of the cloud product |
|
Session records |
Conversation history between users and the AI |
The service region selected by the user |
|
Diagnostic reports |
AI-generated analysis and diagnostic results |
The service region selected by the user |
|
Mission execution results |
Action items and reports generated during Mission execution |
The service region selected by the user |
Output data, including session records, diagnostic reports, and Mission execution results, is stored in the service region you select: China (Beijing) or Singapore.
Regional Deployment Architecture
STAROps is deployed with a dual-center architecture:
|
Data Center |
Supported Sites |
Default Region |
Model Service |
|
China (Beijing) |
China site / International site |
Default for the China site |
Calls models in the Beijing region |
|
Singapore |
China site / International site |
Default for the international site |
Calls models in the Singapore region |
China site users can switch to the Singapore center, and international site users can switch to the Beijing center. After switching, STAROps uses the model service and data processing capabilities of the target region.
Data Flows
Scenario 1: No Cross-Border Transfer
If the STAROps service region and the cloud product resources are in the same jurisdiction, no cross-border data transfer occurs.
User → STAROps (Beijing) → Cloud product API (Hangzhou) → Data returned → Results stored (Beijing)
Scenario 2: Cross-Border Transfer
Cross-border data transfer occurs when you switch STAROps to a region in a different jurisdiction from where your cloud product resources are deployed.
Typical scenario: A China site user selects the Singapore center and queries cloud product data deployed in mainland China.
User → STAROps (Singapore) → Cloud product API (Beijing) → Query results transferred to Singapore → Results stored (Singapore)
The following data is transferred to and stored in Singapore in this scenario:
-
Model invocation requests and responses: AI inference runs in the Singapore region.
-
Session context: Conversation history is stored in Singapore.
-
Query results: Data retrieved from cloud product APIs in mainland China is processed and stored in Singapore.
-
Diagnostic reports and Mission results: AI-generated analysis outputs are stored in Singapore.
STAROps does not copy or retain the original business data of cloud products. Only query results and AI analysis outputs are transferred across borders, not your full business data.
Cloud Product Data Interaction
STAROps interacts with cloud products in the following ways:
|
Interaction Method |
Description |
|
API calls |
STAROps calls OpenAPIs of Cloud Monitor (CMS), Log Service (SLS), and other products to retrieve observability data. |
|
Data access scope |
Determined by the data authorizations of the Digital Employee. Only authorized data is accessed. |
|
Cross-region queries |
When the STAROps region differs from the cloud product resource region, API calls and returned data are transferred across regions. |
Cross-Border Transfer Triggers
The following actions may trigger cross-border data transfer:
|
Action |
Triggers Cross-Border Transfer |
Description |
|
Switching the STAROps service region in the console header (for example, from Beijing to Singapore) |
Possible |
After switching, subsequent model calls and data processing occur in the target region. |
|
Selecting objects in a cross-border region within a Workspace or Project |
Possible |
When querying cloud product data in a cross-border region, query results are transferred to the STAROps service region. |
|
Using STAROps within the same region (for example, Beijing center querying Beijing resources) |
No |
Data flows within the same region. |
When you perform a cross-border switch for the first time (including after switching devices), a compliance notice dialog appears. You must select the confirmation checkbox before proceeding.
Data Security Measures
|
Security Dimension |
Description |
|
Data isolation |
Data from different accounts is strictly isolated. A Digital Employee (Agent) can only access data within its authorized workspace. |
|
Transmission security |
All API calls and data transfers are encrypted via HTTPS. |
|
Data retention |
When a Mission is deleted, all associated data, including action items, reports, and session records, is permanently removed. Disabling a Mission does not affect data retention. |
|
Execution safety |
A built-in Human-in-the-Loop (HIL) mechanism requires human confirmation before executing high-risk operations. |