Security & Compliance

Infrastructure and Network Security

Physical Access control

Modjo is hosted on Amazon Web Services( AWS). According to the AWS commitments, physical barrier controls are used to prevent unauthorised entrance to the Facilities both at the perimeter and at building access points. AWS also maintains electronic intrusion detection systems designed to detect unauthorised access to the Facilities, including monitoring points of vulnerability (for example, primary entry doors, emergency egress doors, roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-detection, or other devices designed to detect individuals attempting to gain access to the Facilities. All physical access to the Facilities by employees and contractors is logged and routinely audited.

Modjo employees do not have physical access to AWS data centers, servers, network equipment or storage.

Penetration testing

Modjo undergoes annual penetration testing conducted by an independent, third-party agency. No customer data is exposed to the agency through penetration testing.

Information about any security vulnerabilities successfully exploited through penetration testing is used to set mitigation and remediation priorities. A summary of penetration test findings is available to customers upon request.

Data Security and Privacy

Data Encryption

Data in Modjo servers are encrypted at rest.Encryption at rest enables continuity measures like backup and infrastructure management without compromising data security and privacy.Modjo exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.The traffic of data between our servers and database/data storage takes place within our VPC in AWS.

Data Removal

When a customer terminates their contract with Modjo, all data stored in the account becomes inaccessible to the customer within 24 hours. All the data collected by Modjo will be deleted from production upon the expiration of a 30 days delay. Data can also be deleted on request from the Account Manager responsible for the account or by contacting the DPO at the following address dpo@modjo.ai.

Application Security

Single Sign-On (SSO)

Users can sign-up on Modjo with Google or Microsoft accounts using SSO.In that case, they won't have the option to have a dedicated password on Modjo.If Multi-Factor Authentication is activated fro your identity provider (Microsoft or Google), this also allows for enforcing MFA for Modjo login.

Password Security

Modjo requires complex password policy using at least 8 characters, a special character, an upper and lower case, and a digit character.

Corporate Security

Security policies

Modjo has a set of internal security policies. These policies are updated and reviewed at least once a year. An overview of these policies is available on request from our customers.

Employees training

All new employees receive onboarding, GDPR and security training. Additionally, all employees complete GDPR training at least once a year.

Data Privacy

To ensure that personal data you send Modjo is afforded the protections required by applicable data protection laws, Modjo offers a Data Processing Agreement that incorporates its data privacy commitments.

Employees training

All new employees receive onboarding, GDPR and security training. Additionally, all employees complete GDPR training at least once a year.