Privacy & data retention

SecuGen MOSIP Management Server (MMS)

What we store

• Institution user accounts: email address, display name, role, account status, password (stored as a bcrypt hash, never in plaintext), and the last sign-in timestamp.
• Audit log: who did what and when — sign-in attempts, batch submissions, approvals, and administrative actions, retained for 90 days.
• Renewal batches: device serial numbers, expiry dates, free-text memo, and the batch outcome. Batch records are retained for 5 years from completion, after which they are removed by the retention scheduler.
• Evidence files attached to batches: retained for 90 days from completion, then purged.

What we don't store

We do not collect biometric data, location data, marketing-tracking cookies, or third-party analytics. The only cookies set are the session identifier (HTTP-only, secure where TLS is configured) and the CSRF token.

Where data is stored

The application database and key-management infrastructure run in Google Cloud (us-central1) for production deployments. Operators of an MMS instance are the data controller; SecuGen Corporation is the software vendor and acts as a processor only when explicitly contracted.

Your rights

You can ask the administrator of this MMS instance to:

• Access a report of the data held about you (subject access request).
• Correct inaccurate information (e.g. a misspelled email address).
• Erase your account and all associated audit-log entries. Renewal batches you submitted are kept for the institution's records but the actor is anonymised.

Contact the administrator of your institution to exercise any of these rights. The administrator will action the request through the admin portal.

← Back to sign-in