Security in Exalog software

The security of our software is our priority. It is constantly improving to ensure the highest level of security to our clients regarding:
  • Access to their environment
  • User rights
  • Exchange of information with banks and ERP
  • Data storage

Access to their environment

The primary way to limit the risks of intrusion into a software is to ensure secure access. To this end, we use strong authentication methods, combining two factors to choose from, among the following:


Our clients connect very quickly thanks to facial or digital recognition. To do so, they must have an infrared camera or fingerprint reader.

FIDO key

Easy to buy on the market, this USB key has a unique identifier that allows our clients to connect simply by plugging it into their computer. Learn more about FIDO key

Login and password

The combination login + password is another way to access our software.
Code card

Authentication grid and security code card

A code must be entered in an authentication grid, with numbers randomly positioned for each connection. The code requested will also be different each time you try to access it.

Digital certificate

The personal digital certificate is a digital identity document. It contains identification information, cannot be falsified, and is issued by a recognised authority (e.g. SWIFT, Certinomis, etc.).
We also offer access limitation via IP address: users will only be able to connect if their URL is recognised by the software.

User rights

Once the user’s identity has been established, it is necessary to determine the possible actions within the software: granting authorisations or, on the contrary, limiting access to specific functions or responsibilities.
  • Users rights: it is the administrator who defines the functions that users can access, the authorised bank accounts, or the remittances validation limits.
  • Autonomy: the administrator can manage authorisations on their own; they do not need to ask Exalog to grant or delete rights, and the changes are immediate.
  • Traceability: all actions performed by users are tracked, and can be viewed by the administrator.
  • Unlimited users: the number of users with access to our software is unlimited and free.

Exchange of information with banks and ERPs

We ensure that the information that our clients share with their banks/ERPs and our tools cannot be read by a third-party system, and that messages are properly transmitted. We meet the security recommendations of ANSSI (National Cybersecurity Agency of France). As they pass through, all data is encrypted according to the TLS/SSL standard, which is designed to protect the confidentiality and integrity of communications.

Data storage

How can we guarantee that the data is protected? That they are not at risk of being deleted and that our clients will always have access to them? That no one else can see them?
Data is stored in two ISO 27001 and ISO 22301 certified datacenters (the highest levels of certification for IT security and business continuity). In order to guarantee 24/7 availability, all the equipment is duplicated and data is backed up in real time on a backup server: no data loss in case of a downtime.
Key storage
Our clients are the owners of the data stored in the software. They can therefore export them at any time. Since the data is stored in the software, and not on the banks’ websites, our clients do not have to worry about migrating them if they decide to change banks, and they will keep their history.  

Personal data

In compliance with the GDPR, the personal data recorded in our software is encrypted. These include personal names, emails, telephone numbers, account numbers, and credit card numbers.