ABBYY Cloud OCR SDK security overview
ABBYY makes security and privacy a priority following industry best practices to protect your data.
Microsoft is responsible for the security of the hosting environment (which includes physical security, fault-tolerance & redundancy, operations and personnel security). Microsoft’s security procedures which include encrypted communications and operational processes, identity and access management, intrusion detection, DDoS attack prevention, penetration testing, data analytics, machine learning and others are described here.
ABBYY is responsible for ABBYY Cloud OCR SDK service application security and operations and personnel security from ABBYY’s part. ABBYY maintains technical and organizational measures designed to provide and enable security for the ABBYY Cloud OCR SDK. This includes a variety of security technologies and procedures to save uploaded data from unauthorized access, use or disclosure, see below.
Additional information for European customers: ABBYY offers contracts according to the European data protection laws for commissioned data processing. Should you wish to process sensitive personal data please contact us to discuss this offer further.
We at ABBYY understand the importance of privacy and data protection and believe that protection of our customers’ data must be our top priority. With ABBYY Cloud OCR SDK you can process data in a GDPR compliant manner if you choose the European data center for processing or if you are domiciled in a country that is a member of European Economic Area (EEA), the United Kingdom, or Switzerland. For details please consult the Developer Agreement and the Data Processing Addendum.
For more information, please contact us.
Clear data location
The customer data is currently processed and stored at Microsoft Windows Azure data centers in USA and Western Europe (the Netherlands). In future, copies of the ABBYY Cloud OCR SDK service may be started in other regions to meet requirements of customers from those regions. As a customer, you choose where your data will be stored.
Need another location? Please, let us know.
ABBYY Cloud OCR SDK is SOC 2 Type II certified – PWC (PricewaterhouseCoopers) has evaluated our product, infrastructure, and policies, and certifies that our service complies with SOC stringent requirements. To receive ABBYY SOC Report please contact us (NDA signing is required to receive the report).
In addition, we are open to discussing any specific types of certification that may be pertinent to your requirements. Please feel free to let us know.
We don’t store or access your data
ABBYY Cloud OCR SDK is not a storage service; it’s for OCR processing only. Images and recognition results are deleted in 2 ways:
- Developer can delete them immediately after processing using the API call. So, you are in full control of your data.
- If data is not deleted using the API, then an automated procedure will remove the images within 24 hours (for processed images) or within 48 hours (for unprocessed images).
In accordance with our procedures, ABBYY employees are not permitted to review client images and recognition results, even within these 48 hours, except in exceptional circumstances where an image:
- causes the service failure
- leads to the abnormal consumption of computing resources,
- leads to additional exceptional cases connected with the functionality of the service
a limited number of authorized ABBYY personnel may review this image for the sole purpose of reproducing and fixing the issue this image has caused. In such cases the original image will also be deleted, and only a derivative image, without any personal/confidential data, can be used to fix the issue.
Organizational security measures
ABBYY Cloud OCR SDK service is designed to be run without routine access to customer data by ABBYY personnel. A limited number of authorized ABBYY personnel may technically access customer data, while nobody at ABBYY is allowed to review your data.
Access to the service by ABBYY employees is controlled and logged. Whilst there are several access levels, only a limited number of employees have access to the part of the system containing confidential data.
All uploaded data is automatically deleted from the service storage within 48 hours.
ABBYY Cloud OCR SDK service supports encrypted data transfer using HTTPS with high-grade encryption. Data transfer between Azure processing nodes and the storage in Azure is also protected with an encryption.
ABBYY Cloud OCR SDK was built using best practices for fail-safe architecture creation. In order to eliminate any critical issues we test ABBYY Cloud OCR SDK service for vulnerabilities every 6 months using application security scanners such as OWASP ZAP and xSpider.