How your business data is classified, secured and controlled.
We handle data according to its sensitivity — public, internal, confidential and restricted. Business records, financial data and customer details are treated as confidential or restricted, with access limited by role.
Data is encrypted in transit over HTTPS/TLS in production, with HSTS and secure cookies. Passwords are stored only as salted PBKDF2-SHA256 hashes. Payment secret keys live solely in server environment configuration and are never exposed in the browser.
Every business is isolated from every other business. Within a business, role-based permissions (Owner, Manager, Staff, Viewer) limit who can see and change data. Administrative access is restricted to platform administrators and is audited.
We keep data while your account is active and remove or anonymise it within a reasonable period after deletion, subject to legal retention requirements. Operational backups roll off on a defined schedule. See the Data Retention Policy and Data Deletion Policy.
You can request access, correction, export, deletion or consent withdrawal from the Privacy Center. For details, see our Privacy Policy, NDPC Readiness and Security & Trust page.
Formal legal review is recommended before relying on this document for regulatory filing or enterprise procurement. Privacy contact: privacy@eazystock.ng.