Security Practices

1. Data Encryption

We implement industry-standard encryption to protect your data:

• In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security)
• At Rest: Your personal data is encrypted using AES-256 encryption when stored on our servers
• Backups: All backup data is also encrypted and stored in secure locations

2. Access Controls

We maintain strict access controls to prevent unauthorized access:

• Role-based access control (RBAC) for all users
• Principle of least privilege - users only have access to necessary data
• Regular access reviews and audits
• Automatic session timeout after inactivity

3. Authentication Security

• Strong password policies (minimum 8 characters, complexity requirements)
• Password hashing using bcrypt (industry standard)
• Session tokens with secure, random generation

4. Security Headers

We implement modern security headers to protect against common web vulnerabilities:

• Content Security Policy (CSP) to prevent XSS and data injection attacks
• Strict-Transport-Security (HSTS) to enforce HTTPS connections
• X-Frame-Options to prevent clickjacking attacks
• X-Content-Type-Options to prevent MIME type sniffing

5. Network Security

• DDoS protection through our hosting provider
• Secure API endpoints with rate limiting
• Regular platform security updates

6. Data Backup and Recovery

• Automated daily backups of all data
• Backups stored in geographically redundant locations
• Encrypted backup storage
• Recovery Point Objective (RPO): 24 hours

7. Incident Response

In the event of a data breach or security incident:

• We will notify affected users within 72 hours as required by the Nigeria Data Protection Regulation (NDPR)
• We will investigate the incident and take appropriate remedial action
• We will document findings and implement measures to prevent recurrence

8. Physical Security

Our data centers employ multiple layers of physical security:

• 24/7 on-site security personnel
• Biometric access controls
• Video surveillance
• Environmental controls (fire suppression, climate control)
• Redundant power and network connectivity

9. Third-Party Security

• We use reputable service providers (Vercel, Supabase, EmailJS, Paystack)
• Data Processing Agreements (DPAs) are in place with our key vendors
• All third-party services are contractually obligated to protect your data

10. Compliance

Eduysle is committed to maintaining compliance with:

• NDPR 2019: Nigeria Data Protection Regulation
• PCI DSS: Payment Card Industry Data Security Standard (via our payment processors)

11. User Security Responsibilities

You play an important role in keeping your account secure:

• Use a strong, unique password for your Eduysle account
• Never share your login credentials
• Log out after each session, especially on shared devices
• Report suspicious activity immediately to hello@eduysle.com

12. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. Please report security issues to hello@eduysle.com. We will investigate all reports and respond promptly. We do not pursue legal action against researchers who follow responsible disclosure practices.

13. Security Updates

We regularly update our security practices and will notify users of significant security changes through platform notifications and email communications.

• Last Security Audit: May 1, 2026
• Next Scheduled Audit: August 1, 2026

Contact Us

Email: hello@eduysle.com

Phone: +234 706 172 6605