Data Security

All document scans are processed and transferred under strict, GDPR compliant, safety policies. Through the use of a secure protocol, files are sent to the Azure Cognitive Services Face service, which renders a score, that is finally returned to the FintechOS application. Data is safe under strict supervision as it follows a clear path from the sender to the FintechOS cloud.

Data Flow

  1. The end-user sends the document scan and selfie to the FintechOS application server over secure communication channels (HTTPS encrypted messages, including the HTTP headers and request/response data).
  2. The application server sends the files to the FintechOS cloud service via the Azure API Management gateway, also using HTTPS. The API Management gateway ensures secure communication and provides identity and access management to the FintechOS cloud service.
  3. The files arrive at the FintechOS cloud service (hosted on a private load-balanced cluster of virtual machines in the Azure cloud). The virtual machines are managed by FintechOS and can be accessed only using the API Management services (no Internet access is allowed to any virtual machine or load-balanced cluster).
  4. The FintechOS cloud service processes the ID document (each ID card field is delimited), and forwards the ID picture and selfie for face recognition to the Azure Cognitive Services Face service (also hosted on the Azure cloud).
  5. The face recognition service returns the face recognition confidence score to the FintechOS cloud service, which sends the information back to the FintechOS application via the API Management gateway.
IMPORTANT!  
No data is stored in a cloud. All processed information is immediately deleted.

Location

The API Management gateway, the FintechOS cloud service (load balancer and virtual machines), and the face recognition service are provisioned using the Microsoft Azure cloud service in the Western Europe data center (Amsterdam, Netherlands) with fail-over backup services on the Northern Europe data center (Dublin, Ireland). No data leaves the European Union in transit or at rest.

Based on customer requirements, similar services may be provisioned in the future in other regions.

Compliance

For cloud services compliance information, see: