ABBYY Cloud OCR SDK security overview
ABBYY makes security and privacy a priority following industry best practices to protect your data.
Microsoft is responsible for the security of the hosting environment (which includes physical security, fault-tolerance & redundancy, operations and personnel security). Microsoft’s security procedures which include encrypted communications and operational processes, identity and access management, intrusion detection, DDoS attack prevention, penetration testing, data analytics, machine learning and others are described here.
ABBYY is responsible for ABBYY Cloud OCR SDK service application security and operations and personnel security from ABBYY’s part. ABBYY maintains technical and organizational measures designed to provide and enable security for the ABBYY Cloud OCR SDK. This includes a variety of security technologies and procedures to save uploaded data from unauthorized access, use or disclosure, see below.
Additional information for European customers: ABBYY offers contracts according to the European data protection laws for commissioned data processing. Should you wish to process sensitive personal data please contact us to discuss this offer further.
Clear data location
All customer data is currently processed and stored on servers at Microsoft Windows Azure data centers within Western Europe. The geo replication is currently limited within Western Europe. In future, copies of the ABBYY Cloud OCR SDK service may be started in other regions to meet requirements of customers from those regions. Customers will then be able to decide where they wish to store their data.
Need another location? Please, let us know.
ABBYY Cloud OCR SDK is SOC 2 Type II and SOC 3 certified – PWC (PricewaterhouseCoopers) has evaluated our product, infrastructure, and policies, and certifies that our service complies with SOC stringent requirements. To receive ABBYY SOC Report please contact us (NDA signing is required to receive the report).
In addition, we are open to discussing any specific types of certification that may be pertinent to your requirements. Please feel free to let us know.
We don’t store or access your data
ABBYY Cloud OCR SDK is not a storage service; it’s for OCR processing only. Images and recognition results are deleted in 2 ways:
- Developer can delete them immediately after processing using the API call. So, you are in full control of your data.
- If data is not deleted using the API, then an automated procedure will remove the images within 24 hours (for processed images) or within 48 hours (for unprocessed images).
In accordance with our procedures, ABBYY employees are not permitted to review client images and recognition results, even within these 48 hours, except in exceptional circumstances where an image:
- causes the service failure
- leads to the abnormal consumption of computing resources,
- leads to additional exceptional cases connected with the functionality of the service
a limited number of authorized ABBYY personnel may review this image for the sole purpose of reproducing and fixing the issue this image has caused. In such cases the original image will also be deleted, and only a derivative image, without any personal/confidential data, can be used to fix the issue.
Organizational security measures
ABBYY Cloud OCR SDK service is designed to be run without routine access to customer data by ABBYY personnel. A limited number of authorized ABBYY personnel may technically access customer data, while nobody at ABBYY is allowed to review your data.
Access to the service by ABBYY employees is controlled and logged. Whilst there are several access levels, only a limited number of employees have access to the part of the system containing confidential data.
All uploaded data is automatically deleted from the service storage within 48 hours.
ABBYY Cloud OCR SDK service supports encrypted data transfer using HTTPS with high-grade encryption. Data transfer between Azure processing nodes and the storage in Azure is also protected with an encryption.
ABBYY Cloud OCR SDK was built using best practices for fail-safe architecture creation. In order to eliminate any critical issues we test ABBYY Cloud OCR SDK service for vulnerabilities every 6 months using application security scanners such as OWASP ZAP and xSpider.