Security Summary
ORGiD prioritises security and data protection through multiple layers of encryption, authentication, and access control. Here are the key security measures ORGiD implements:
1. Data Protection & Encryption
End-to-End Encryption: All data, including ID cards and user profiles, is encrypted during transmission and storage.
Google Cloud & AWS Infrastructure: ORGiD is hosted on Google Cloud Platform with backups on Amazon Web Services (AWS) to ensure high availability and security.
Tamper-Proof Digital ID Cards: ORGiD ID cards cannot be modified without admin approval, preventing fraud and unauthorised changes.
Organisation-Based Data Isolation: Employees of one company cannot see employees of another.
Offboarding: When an employee leaves a company, their digital ID is deactivated, and their data is deleted or anonymised if deletion is not possible.
2. Secure Authentication
Multi-Factor Authentication (MFA): ORGiD supports two-factor authentication for added login security.
Passkey & Security Key Support: Users can log in with:
- Biometric authentication (Face ID, fingerprint)
- Device security keys
- Physical security keys (FIDO2, YubiKey)
Domain Restrictions for Business Signups: Businesses can limit ID card issuance to specific email domains (e.g., @company.com), blocking personal email addresses.
3. Dynamic QR Codes for Secure ID Verification
Time-Limited QR Codes: ORGiD generates dynamic QR codes that are valid for a short duration, reducing the risk of unauthorised access.
ORGiD Scanner-Only Decoding: QR codes can only be scanned and decoded using ORGiD’s official scanner, preventing third-party apps from accessing sensitive data.
4. Role-Based Access Control (RBAC)
Granular Admin Controls: Business admins can assign roles and permissions to users, ensuring employees only access necessary information.
Activity Logging & Auditing: ORGiD logs every action taken by admins and users for security tracking and auditing.
5. Secure ID Card Issuance & Management
Inactive by Default: New ID cards remain inactive until reviewed and approved by an admin.
QR Code-Based Signup: Employees can self-register, but their ID cards require admin approval before activation.
6. Automatic Check-In & Check-Out Security
QR Code-Based Check-In: Employees or members can scan their ORGiD ID to check in and out securely.
Auto Check-Out Feature: If a user forgets to check out, the system will automatically check them out at the end of the day to prevent fraudulent check-ins.
7. Compliance with Data Privacy Regulations
Regulatory Compliance: ORGiD follows strict privacy policies in compliance with GDPR, CCPA, and other data protection laws.
No Data Sharing with Third Parties: ORGiD does not sell or share user data with advertisers or third-party services.
Security Policy: A security policy is in place to guide all security-related initiatives.