Encryption

Regula IDV Platform protects data using encryption in two areas:

• Data in transit encryption — protects data while it is transmitted between client applications (mobile/web) and the backend.
• Data at rest encryption — protects data stored in persistent storage (files and databases).

Data in Transit Encryption

When data is sent from mobile or web clients to the Regula IDV backend, it is transmitted over HTTPS (TLS).

Depending on the configured workflow, sensitive data may include document images, RFID/chip read results, face images, or liveness/video frames. In all cases, transport is protected by TLS (HTTPS) as part of the client-backend communication.

All sensitive payloads (document images/data and biometric data) are transmitted through the Platform’s dedicated components:

• Document data is captured and sent via the Document Reader SDK.
• Biometric (selfie/liveness) data is captured and sent via the Face SDK.

Relevant SDK security documentation (HTTPS/TLS):

• Document Reader SDK Web Service: Infrastructure Security (HTTPS)
• Face SDK Web Service: Security (HTTPS / reverse proxy example)
• Face SDK: Security

Data at Rest Encryption

Data at rest encryption is provided by the native encryption mechanisms of the storage and database solutions used by the Platform. This includes encryption of stored objects (files) and persisted database/index data.

File storage

Name	Documentation
Amazon S3	AWS docs: Using server-side encryption
Azure Blob Storage	Microsoft Learn: Azure Storage encryption for data at rest
Google Cloud Storage	Google Cloud docs: Default encryption at rest Google Cloud docs: Data encryption options (Cloud Storage)

Databases and search

Name	Documentation
MongoDB (self-managed / Enterprise)	MongoDB docs: Encryption at Rest
MongoDB Atlas	MongoDB Atlas docs: Encryption at Rest using Customer Key Management
OpenSearch	OpenSearch docs: Security (encryption in transit overview) Amazon OpenSearch Service docs: Encryption of data at rest