# Privacy and Security

MOSIP's fundamental architecture and design incorporates highest levels of privacy and security.

## Security by design

Key security features:

* Encryption of data in-flight or rest. (See [Data Protection](https://nayakrounak.gitbook.io/mosip-docs/privacy-and-security/data-protection))
* Integration with trusted applications only.
* Fraud avoidance - association of authentication only with specific transactions.
* Misuse prevention - user can lock or unlock their authentication
* Virtual ID and Tokens to prevent identity theft

## Privacy by intent

Key privacy features:

* Minimal data with selective disclosure on a need-to-know basis.
* Sensitive data protected (not stored or logged in clear form).
* Consent support – user decides who can receive what credentials.
* No biometrics based search on database (only with ID).
* De-centralised ID usage and data (cannot profile based on usage).
* Virtual ID and Tokens to prevent profiling across transactions.
* Face data is not sent to ABIS for deduplication.