Trust & Security

Security & Privacy

Security and privacy are foundational to how we design, build, and deliver our products. Identity verification involves the most sensitive personal data — we built our entire architecture around the principle that this data should never leave your control.

On-Premise by Design

Unlike cloud-based verification services, Assurique products run entirely on your infrastructure. This is not an optional deployment mode — it is the only way our software operates.

Your verification data — document images, biometric data, liveness video, NFC chip data, and all results — never leaves your servers

There are no outbound connections to Assurique or any third-party service

There is no telemetry, analytics, or usage tracking of any kind

You maintain complete control over data storage, retention, and deletion

Your data stays within your jurisdiction and under your governance

Data Sovereignty & Regulatory Compliance

With Assurique, data sovereignty is guaranteed by architecture, not by policy:

No cloud dependency

The software requires no internet connection after deployment.

No data processor relationship

Because we never touch your data, no DPAs or cross-border transfer mechanisms are needed.

Full regulatory control

You implement data protection policies according to your local regulations and sector requirements.

Audit-ready

All verification data, audit logs, and decision trails are stored in your database under your control.

Algerian Regulatory Alignment

Regulation	Requirement	How Assurique Complies
Law 18-07	Personal data protection, consent, DPO obligations	All data stays on customer infrastructure; customer is sole data controller
Regulation 24-64	Digital banking platforms must be hosted domestically	Fully on-premise — no external hosting of any kind
Instruction 06-2025	Payment service providers require domestic hosting	No cloud dependency — runs 100% offline after deployment
Law 05-01	KYC/AML identity verification obligations	Provides the full verification pipeline to meet KYC obligations

Software Security

Secure Delivery

Products delivered as Docker images with integrity-verified, encrypted ML models

ML models encrypted with AES-256-GCM and verified with SHA-256 integrity checks at startup via signed manifest

License files cryptographically signed with RSA-4096 and bound to your specific machine

Application Security

All API communication uses HTTPS/TLS encryption

Authentication via API keys (server-to-server) and short-lived JWT tokens (SDK sessions)

Role-based access control for the management dashboard

Rate limiting and request validation on all endpoints

Comprehensive audit logging of all operations

Code Protection

Server-side code compiled to native binaries (not interpretable source)

Android SDK uses ProGuard/R8 obfuscation

ML models encrypted at rest and decrypted only in memory during operation

Infrastructure Security

Minimal Docker images with only required dependencies

No default passwords — all credentials are generated during installation

Process isolation between application components

Verification data processed in memory — not persisted beyond the active request

Identity Verification Security

Assurique Document Reader

Document Reader (OCR) — extracts and validates identity document fields with bilingual Arabic & French support

Authenticity analysis — ML-based detection of tampering, photocopies, and screen captures

EXIF metadata analysis — validates that document images are original photographs

Assurique Chip Reader

Basic Access Control (BAC) — secure channel establishment with the identity chip

Passive Authentication — cryptographic verification that chip data was not modified since issuance (CSCA chain)

Active Authentication — proves the physical chip is genuine and not a clone

Assurique liveness check

Liveness detection — multi-challenge protocol (head movements, expressions) to prevent photo, video, and mask attacks

Face matching — live selfie compared against document photo and NFC chip photograph

Anti-spoofing — multiple checks across different modalities to detect fraud attempts

Fraud Shield (built-in feature)

Risk scoring — multi-factor assessment combining document authenticity, biometric confidence, data consistency, and behavioral signals

Configurable thresholds to balance security requirements with user experience

Support for automated decisions and manual review workflows

Android SDK Security

Our Android SDK includes built-in security checks before processing sensitive data:

Root detection — identifies rooted or compromised devices

Debug detection — blocks operation when a debugger is attached

Emulator detection — prevents execution on emulated environments

Screen recording detection — alerts when screen capture is active during verification (FLAG_SECURE)

Secure communication — all server communication uses HTTPS with certificate validation

No local data persistence — the SDK does not store any verification data on the device

Responsible AI

Our ML models are designed for accuracy and fairness:

Representative training

Models are trained and validated on representative datasets to ensure consistent performance.

Explainable decisions

Verification decisions include confidence scores and component-level detail for each check performed.

Human review workflows

Manual review workflows are available for borderline cases, ensuring humans remain in the loop.

Override capability

All automated decisions can be overridden by authorized operators through the management dashboard.

Vulnerability Management

We continuously monitor dependencies for known security vulnerabilities

Critical security patches are released promptly and communicated to all active customers

We maintain updated versions of all cryptographic libraries and security-sensitive components

Certifications

Actively pursuing certifications

We are actively pursuing relevant security and compliance certifications. Contact us for the latest information on our certification status and roadmap.

Contact

For security or privacy inquiries:

Purpose	Contact
Security reports & technical issues	support@assurique.com
Privacy & data protection	privacy@assurique.com
General inquiries	contact@assurique.com

Assurique SARL, Algiers, Algeria Sunday–Thursday, 09:00–16:00 (UTC+1)

Latest articles

eKYC in Algeria: What It Does, How It Works & Why It Matters

AI-Powered Liveness Detection Explained

Algerian ID Chip Security for Businesses

Common questions

Compliance