Data center security and compliance

All customer data is encrypted in transit and at rest. Our application currently supports TLS 1.2 only, older protocols are disabled. Storage encryption is provided by Amazon KMS and we are using  AWS managed keys.


We understand the importance of reliability and aspire to a 99.9% uptime. We continually monitor uptime through third parties like StatusPage.

Data storage

When your kiosk or application is connected to a network, visitor/employee/contractor data syncs to MRI OnLocation automatically, and all records are stored in OnLocation's database. Backups are taken every day and stored offsite. OnLocation never stores customer data on local devices or any other internal network. 

With respect to the Physical security of our Data Centres; our servers are located in dedicated spaces at top-tier data centers and are protected behind a dedicated firewall. OnLocation is hosted in AWS data centers that have been certified as ISO-27001, PCI/DSS Service Provider Level1 and/or SOC II compliance. Our global Security Team is on call 24/7 to respond to security alerts and events. We are committed to protecting the security of our customer’s information. 

Facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant supplies, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored by both OnLocation and the co-location providers. Only a small group of our employees have physical access to the servers.

When a customer registers their account they are asked to select the country they are in. OnLocation operates data centers in several regions. We refer to these as ‘server regions’. They are the United States, United Kingdom, Europe, Australia, and Canada. The country you are in determines the server region your account data will be hosted in. OnLocation never stores customer data on local devices or any other internal network.


We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor/contractor/employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.