Key information

💽 Hosting

🇫🇷 All of our Data is hosted in France on AWS Servers

🔐 Compliance

We have received the ISO 27001 certification

🙅 Data protection

We collect limited PII (Personal Identifiable Information) which is anonymized on send (details below)

☁️ Sub-Providers

Our main sub-providers are :

• AWS (cloud)

• Google (IdP)

• Github (Version Control)

• Vercel (Deployement)

More detailed info on the data collected at Corma

Extensions

• URLs

• Gaia IDs, encrypted

• Timestamp

• Time spent on a URL

Direct Integrations to SaaS Apps

• Authentification method

• Date of creation

• Date of deactivation

• Permissions

SSO Integrations

• List of Users (email, name, Id, team, admin status)

• Token of authentifications for external apps

• Timestamp of tokens

• Scopes granted to external apps

Other types of Integrations

• HR tools

• Accounting software

• Ticketing / ITSM systems

• Messaging apps

Recognized Applications

All applications that are part of our Whitelist can be recognized by Corma. This whitelist currently contains more than 31,000 apps listed. This whitelist is also :

• Editable

• Continuously updated

• Can contain custom client URLS for on premise applications accessed via the browser

Integration requirements

Client companies must be using the following systems to work with us efficiently :

• Google workspace or Microsoft Tenant ID (Azure AD) workspace

• Use mainly Chrome, Chromium, Edge browsers or Firefox browsers

• Have significant web-based SaaS-Usage

Authentification methods

We currently support 3 methods of authentication into our app, all 3 methods are systematically included in all pricing versions :

• Google SSO

• Microsoft SSO

• Email + Password