FAQ

Rossum is fully committed to ensuring GDPR compliance. We process customer-supplied documents for the primary purpose of data capture, as instructed by our customers. The secondary purpose is further research and development of data extraction technology.

We have every reason to believe that this processing fully complies with the GDPR. This is based on the nature of the data and the GDPR balance test, especially since it does not involve invoices from third-party customers or invoices that contain sensitive personal data.

Please see our Terms and Conditions for more information.

When transferring data in and out of the cluster, we always use encryption. For data at rest, we use AES 256 keys managed in the AWS Key Management Service. For all data in transit using HTTPS (including HSTS), we use TLS v1.2.

When in motion, all external communication is strictly encrypted, typically via HTTPS for regular production operations. We use SSH encryption to encrypt external communication for some service and maintenance purposes.

Communication with the database is always encrypted. We use an audit log for all operations executed in the application.

If you are an RPA integrator, remember that because RPA solutions rely on a static User Interface to operate, they are neither recommended nor supported by our development team. We can’t guarantee the Rossum UI to be static enough not to break such setups.

To learn more about Rossum integrations, please visit this page.

We also have extensive API documentation that allows smooth integration with most business systems. Read more about the API.

We follow the OWASP Secure Coding Practices and rely on the extensive experience of our senior team members.

In the event of a code change, we perform design reviews, code reviews, and security reviews. At least one other software engineer inspects and reviews each commit. We use thorough automated testing, including unit tests and integration tests, as well as manual testing to ensure code quality and security.

We also use third-party automated tools for static source code checks and vulnerability scanning. Our platform undergoes regular penetration testing by an independent third party.

We offer full or partial support for 276 languages. This article provides all the details.

The Rossum data capture engine can handle any date or decimal format and normalize it according to your preferred standardised representation.

For truly ambiguous cases, there is a special “locale” setting that allows you to adjust the platform to handle individual document queues based on their region of origin. Date formats are very flexible, and you can customize your UI to display exported data in the format you want.

You can find some of the supported formats here, under the “Date format” section; the tokens mentioned there are available at this link.

You can implement Rossum in less than 1 day.

Cognitive data capture uses artificial intelligence (AI) to mimic the way the human mind reads structured documents. This approach has two key features:

1. AI learns to recognize information through exposure to examples rather than manual configuration by experts,

2. AI can recognize a lot of information in documents with layouts it has never seen before.

Unlike manual data entry or traditional OCR, cognitive data capture requires no extra manpower. It also saves you the hassle, time, and cost of setting up endless rules and templates.  You can read detailed comparisons of effort in our TCO analysis series.

Rossum’s cognitive data capture AI uses deep neural networks to recognize patterns in documents, just as a human mind would. This enables the platform to understand the underlying general structure of business documents such as invoices. Rossum’s unique neural network architecture allows it to comprehend a wide range of layouts. It also ensures highly accurate data extraction.

Read our founders’ blog series on cognitive data capture for an in-depth look at the technical differences between legacy OCR solutions and cognitive data capture. You can also learn how Rossum’s technology works.

Yes, Rossum allows you to implement automated routing of approval requests in the company. The process works based on data extracted from the document and rules that our team is going to help you create.

Approval workflows are an additional paid feature. If you’d like to use them, please contact your account manager or reach out to support@rossum.ai.

Rossum is dedicated to upholding the highest standards of security, privacy, and compliance for customer data by:

• supporting ISO, SOC 2 Type 1, and HIPAA compliance;

• allowing you to perform granular user and role management;

• maintaining detailed audit trails and logs for each document;

what’s more:

• we have dedicated security, privacy, and compliance teams that implement and manage our security and privacy programs;

• we perform periodic internal audits and assessments by accredited third parties;

• we regularly update our Terms and Conditions as well as our Privacy Policy and our internal data processing policies to reflect regulatory developments and ensure compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other applicable privacy laws and industry standards;

Detailed information can be found here.

Rossum can extract data from semi-structured documents other than invoices, such as receipts, purchase orders, and shipping documents. You can also train a Rossum to capture data from other documents that are at least partially defined by their layout.

To ensure up-to-date and widely scalable security, maintenance and regular updates, we do not offer implementing Rossum on-premises.

Cloud is the most reliable medium through which we can provide broadly scalable service with the highest level of security. It is worth noting that cloud-based solutions deliver security benefits comparable to those of on-premises solutions.

To learn more about Rossum pricing, please visit this page.

We store customer data primarily on servers provided by Amazon Web Services (AWS). AWS is the trusted hosting provider both for established internet services like Netflix, and enterprises like Pfizer and Siemens. AWS maintains the highest security standards and has a range of certifications. Our data is located in data centers that are specifically SOC-1, 2, 3 and ISO/IEC 27001:2013 compliant and periodically audited. More information on AWS Cloud security can be found here.

We offer an option of different AWS regions based on your data residency requirements. Within each region, our platform operates across multiple Availability Zones (physical data centers) to ensure high availability.

Europe Data Center (Default site for new customers) AWS region eu-central-1:

• Primary site: AWS region: eu-central-1 (Europe – Frankfurt)

• Data backup: AWS region: eu-west-1 (Europe – Ireland)

• Recovery site: AWS region: eu-west-1 (Europe – Ireland)

Europe Data Center AWS region eu-west-1:

• Primary site: AWS region: eu-west-1 (Europe – Ireland)

• Data backup: AWS region: eu-central-1 (Europe – Frankfurt)

• Recovery site: AWS region: eu-central-1 (Europe – Frankfurt)

US Data Center:

• Primary site: AWS region: us-east-1 (N. Virginia)

• Data backup: AWS region: us-west-1 (N. California)

• Recovery site: AWS region: us-west-1 (N. California)

Japan Data Center:

• Primary site: AWS region: ap-northeast-1 (Japan – Tokyo)

• Data backup: AWS region: ap-northeast-3 (Japan – Osaka)

• Recovery site: AWS region: ap-northeast-3 (Japan – Osaka)

Our architecture is multi-tenant by default; therefore, data is logically separated at rest, and we are using strict security filters that are applied to all database queries by default. A single-tenant deployment with a dedicated database is available as a commercial option.