5.2 Xiaomi Cloud
Xiaomi Cloud can store users' contacts, messages, photos, call history, notes, and other information, and allow such information to be automatically synchronized between the user's devices. At the same time, users can recover data, to the extent possible, if the device becomes damaged or lost. Users can browse and manage their data anytime, anywhere on other devices or through Mi Cloud.
5.2.1 User data synchronization
After the user enables Xiami Cloud services, they can choose to synchronize the following data or disable it at any time.
| Synchronized Apps and Services | Synchronized data | Encrypted in transit | Encrypted at rest | Encryption Methods |
|---|---|---|---|---|
| Messages | User's current phone number | Yes | Yes | A minimum of 128-bit AES encryption |
| User's local text message data | Yes | Yes | A minimum of 128-bit AES encryption | |
| The list of text message conversations and the list of private numbers the user pins to the top of screen. | Yes | Yes | A minimum of 128-bit AES encryption | |
| Call history | User's current phone number | Yes | Yes | A minimum of 128-bit AES encryption |
| User's local call records | Yes | Yes | A minimum of 128-bit AES encryption | |
| Contacts | User's contact and profile pictures | Yes | Yes | A minimum of 128-bit AES encryption |
| Notes | User's local notes | Yes | Yes | A minimum of 128-bit AES encryption |
| Mi Browser | The user's local browser bookmarks, history, labels, etc. | Yes | Yes | A minimum of 128-bit AES encryption |
| Wi-Fi Settings | Settings and data for Wi-Fi networks to which the user is connected | Yes | Yes | A minimum of 128-bit AES encryption |
| Recorder | User's local audio recordings and audio file information | Yes | Yes | A minimum of 128-bit AES encryption |
| Home screen cloud backup | User's home screen layout, wallpapers | Yes | Yes | A minimum of 128-bit AES encryption |
| User's alarm, clock and time setings | Yes | Yes | A minimum of 128-bit AES encryption | |
| User's notification settings | Yes | Yes | A minimum of 128-bit AES encryption | |
| User's MIUI and system settings | Yes | Yes | A minimum of 128-bit AES encryption | |
| Calendar | User's Mi calendar data | Yes | Yes | A minimum of 128-bit AES encryption |
| Gallery | The data in the local album and the data in the folders specified by the user to be synchronized | Yes | Yes | A minimum of 128-bit AES encryption |
| Bluetooth | User’s bluetooth data | Yes | Yes | A minimum of 128-bit AES encryption |
| Frequent phrases | User’s frequent phrases data | Yes | Yes | A minimum of 128-bit AES encryption |
5.2.2 Data security
To prevent user data from being stolen or tampered with, HTTPS encrypted channels are used for transmission among Web terminals, mobile phones, and servers during the data synchronization process. In addition, the Cloud service website has a 15-minute session time-out and auto logoff mechanism.
During the data storage process, Xiaomi Cloud services divide each file into multiple blocks, with each block encrypted separately using AES algorithms with key lengths of at least 128 bits, i.e., in absence of the key, the data cannot be decrypted even when physical access to the disk is obtained.
To prevent the loss of users' cloud storage data due to force majeure factors, Xiaomi has chosen several public cloud service providers to provide data storage and backup services. For public cloud service providers that store user data, Xiaomi has formulated strict security requirements and evaluation standards and has rigorously selected service providers that meet the relevant requirements. Xiaomi only stores encrypted data blocks on public third-party clouds and does not share encryption keys.
5.2.3 User Data Deletion
Users have the right to change or delete the data uploaded to cloud space. When the user deletes the data including message, photo, contact and note proactively, the corresponding data in the cloud space will be marked as deleted and temporarily stored in the recycle bin. The user can still recover the data sent to the recycle bin for a period to reduce any loss caused by accidental deletions. The data retention period in the recycle bin is subject to the user's membership plan and validity period, with a minimum retention of 30 days and maximum retention of 180 days.
Data emptied manually or automatically from the recycle bin after the retention period will be permanently deleted from the server and cannot be recovered. If a user closes his/her Mi Account, the user data in the cloud space will also be permanently deleted.