SECURITY · PRIVACY · INFRASTRUCTURE

Your data. Locked down — end to end.

Every customer document and every sensitive field is encrypted. OCR runs on our own servers — no third-party API ever sees your renters' identity documents.

AES-256 at rest

TLS 1.3 in transit

On-premise OCR · No third-party

THE THREE PILLARS

Built around three non-negotiables.

End-to-end encryption

Every document upload and every sensitive field is encrypted with AES-256 before it touches our database. Encryption keys are rotated and stored in a hardened vault — separate from the data they protect.

AES-256TLS 1.3Key rotation

OCR runs on our servers

We built our own OCR pipeline to extract CIN, driver's license, and passport data — and it runs entirely on our infrastructure. Your renters' documents never leave our perimeter. No Google Vision. No AWS Textract. No third-party API.

On-premiseZero third-partyMorocco-hosted

Strict access controls

Role-based permissions (Admin, Rental Agent, Staff) ensure every user sees only what they need. Every action — every contract view, every document open — is recorded in a tamper-evident audit log.

RBACAudit log2FA-ready

ENCRYPTION MATRIX

Everything we encrypt.

A field-by-field breakdown of how every piece of sensitive data is protected — from uploaded ID documents to plain-text license numbers.

Identity DocumentsPersonal DataBusiness Records

Field

Type

Encryption

Storage

CIN (National ID)

Front + back scan

Document

AES-256 at rest

Private object store

Driver's License (Permis)

Front + back scan

Document

AES-256 at rest

Private object store

Passport

ID page scan

Document

AES-256 at rest

Private object store

Vehicle Registration

Carte grise scan

Document

AES-256 at rest

Private object store

Phone number

+212 6XX XXX XXX

Plain text

Encrypted column

Encrypted DB

CIN number

AB123456

Plain text

Encrypted column

Encrypted DB

License number

12345678

Plain text

Encrypted column

Encrypted DB

License expiry

Expiration date

Plain text

Encrypted column

Encrypted DB

Date of birth

DD / MM / YYYY

Plain text

Encrypted column

Encrypted DB

Contracts & receipts

Signed PDFs, invoices

Document

AES-256 at rest

Private object store

Payment records

Transactions, balances

Plain text

Encrypted column

Encrypted DB

CIN (National ID)

Front + back scan

Document

Encryption

AES-256 at rest

Storage

Private object store

Driver's License (Permis)

Front + back scan

Document

Encryption

AES-256 at rest

Storage

Private object store

Passport

ID page scan

Document

Encryption

AES-256 at rest

Storage

Private object store

Vehicle Registration

Carte grise scan

Document

Encryption

AES-256 at rest

Storage

Private object store

Phone number

+212 6XX XXX XXX

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

CIN number

AB123456

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

License number

12345678

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

License expiry

Expiration date

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

Date of birth

DD / MM / YYYY

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

Contracts & receipts

Signed PDFs, invoices

Document

Encryption

AES-256 at rest

Storage

Private object store

Payment records

Transactions, balances

Plain text

Encryption

Encrypted column

Storage

Encrypted DB

Every field above travels over TLS 1.3 when accessed via the dashboard. Encryption keys are managed in an isolated key-management service and rotated on a fixed schedule.

OCR · ON OUR SERVERS

Your renters' documents never leave our perimeter.

Most fleet platforms send CIN and driver's license scans to Google Vision, AWS Textract, or other third-party OCR APIs. We don't. Our OCR engine runs on our own infrastructure — the same servers your data is already on. Documents are processed in-memory, fields are extracted, and the result is encrypted before it's written to disk.

OCR for CIN, driver's license, passport, and vehicle registration runs locally
Documents are processed in-memory — never sent to Google, AWS, or any external API
Extracted fields are encrypted before they touch the database
Original document scans are stored in a private object store, encrypted at rest

Zero third-party API contact for customer documents

DATA-FLOW

Agent uploads document

Encrypted in transit via TLS 1.3.

OCR extracts fieldsON-PREM

Runs in-memory on our servers — never leaves our network.

Encrypted & stored

Both the scan and the extracted fields are encrypted at rest.

No third-party API is ever called

Not Google Vision. Not AWS Textract. Not Azure. Not anyone.

BEYOND ENCRYPTION

The rest of the security posture.

Morocco-hosted

Your data lives on infrastructure operated under Moroccan jurisdiction. No cross-border data shipping.

Encrypted backups

Automated daily backups, encrypted with separate keys, retained 30 days with point-in-time recovery.

TLS 1.3 everywhere

Every connection between your browser and our servers is encrypted with the latest TLS protocol.

Audit logs

Every login, every contract view, every document download is recorded — visible to admins.

Have a security question?

Need a DPA, a security questionnaire, or a deeper technical walk-through? Our team is ready.

Talk to our team Read Privacy Policy