For Institutions with AML obligations, article 6 of GDPR lays out the legal basis for collection and processing of relevant data. We as a data processor come under article 6(f) that allows for data processing for “legitimate interests”, justifiable on a case-by-case basis.

We offer multiple hosting solutions including in-premise solutions. We have our data centers in Toronto, Canada. Our GDPR complaint systems are hosted on AWS within EU.

All information transmission is carried over TLS in a public network and a secured/SSL VPN in private network.

All the personal information stored in databased are encrypted. The information on file system is stored in designated locations earmarked for each customer that is configured at an account level. The access is restricted by password and limited to the designated customer.

The default implementation retains all the audit trails archived for 5 years after which these are destroyed. However, each user can setup a custom data purge policy to remove every X number of days. Alternately, the user can remove the data on an on-demand basis.