Safety and compliance

Infrastructure and network security

Physical access control

Modjo is hosted on Amazon Web Services (AWS). In line with AWS commitments, physical barriers are used to prevent unauthorized entry to the facilities, both at the perimeter and at building access points. AWS also operates electronic intrusion detection systems designed to detect unauthorized access to facilities, including monitoring points of vulnerability (e.g. main entrance doors, emergency exit doors, roof hatches, dock doors, etc.) with door contacts, glass breakage devices, interior motion detectors or other devices designed to detect people attempting to access facilities. All physical access to facilities by employees and subcontractors is recorded and regularly audited.

Modjo employees have no physical access to AWS data centers, servers, network equipment or storage.

Tests d'intrusion

Modjo undergoes annual penetration testing by an independent third-party agency. No customer data is exposed to the agency through penetration testing.

Information on all security vulnerabilities successfully exploited through penetration testing is used to define priorities for mitigation and remediation. A summary of penetration test results is made available to customers on request.

Data security and confidentiality

Data encryption

Modjo server data is encrypted at rest. Encryption at rest enables continuity measures such as backup and infrastructure management without compromising data security and confidentiality. Modjo sends data exclusively via HTTPS (TLS) encrypted connections for enhanced security when data is in transit to and from the application.Data traffic between our servers and the database/data storage takes place within our VPC on AWS.

Data deletion

When a customer terminates their contract with Modjo, all data stored on the account becomes inaccessible to the customer within 24 hours. All data collected by Modjo will be deleted from production after 30 days. Data can also be deleted upon request to the account manager responsible for the account or by contacting the DPO at dpo@modjo.ai.

Application security

Single sign-on (SSO)

Users can register on Modjo with Google or Microsoft accounts via SSO. In this case, they will not be able to have a dedicated password on Modjo. If multi-factor authentication is enabled with your identity provider (Microsoft or Google), this also enables MFA to be applied for Modjo login.

Password security

Modjo requires a complex password policy using at least 8 characters, one special character, one uppercase, one lowercase and one numeric character.

Company security

Safety policies

Modjo has a set of internal security policies. These policies are updated and revised at least once a year. An overview of these policies is available on request from our customers.

Employee training

All new employees receive induction, RGPD and security training. In addition, all employees undergo RGPD training at least once a year.

Data confidentiality

To ensure that the personal data you send to Modjo is afforded the protection required by applicable data protection laws, Modjo offers a data processing agreement that incorporates our data privacy commitments.

Employee training

All new employees receive induction, RGPD and security training. In addition, all employees undergo RGPD training at least once a year.