The data collected through the eMundus solution is hosted either on eMundus servers (based in France) or on the client's servers.
eMundus receives the data sent by applicants and, through algorithmic processing, performs a compliance check on certain documents (passport, identity card, visa, ID photo) to verify that they are indeed the requested documents and that their format is correct.

To prevent any failure, backups of our web folders and databases are performed on our servers (rented from the provider SoYouStart). For backups, encryption is AES-256 (the encryption algorithm recommended by the French National Cybersecurity Agency, ANSSI) with a data retention policy (7-day backup, 4 backups per month, 12 backups per year for each client). All our machines are secure and do not use passwords for login. We all use RSA encryption keys ranging from 2048 to 4096 bits.

Here are some details regarding the security and confidentiality measures in place:

• Physical access to the processing facility is protected (secure building)
• A user authentication process is implemented (password)
• Connection logging is performed
• A firewall filters access to the server
• The connection to the platform is encrypted via an SSL certificate
• The backups are encrypted
• Back-office access is secured at the server level
• Risky IP addresses are blocked
• When a user's hacking attempt is detected, that user is automatically blocked

eMundus is not responsible for the storage and deletion of application data, which is used by our clients. Only an encrypted backup of the data is performed to guarantee the recovery of lost data. This backup takes place once a day and is kept for a maximum of one year. We reliably comply with our GDPR policy .