You put real money, stock, customers, debts and staff records into EAZYDEV. Here is exactly how we protect that data — plainly, and honestly.
Defence in depth — isolation, access control and logging working together, not a single switch.
Every business is a separate tenant. Products, sales, customers, debts, expenses and staff records are scoped to your business on every request — one business can never read another's data.
Owner, Manager, Staff and Viewer roles each see only what they should. Staff can sell but not change prices; viewers are read-only. Permissions are enforced on the server, not just hidden in the screen.
Add a second step at sign-in with an authenticator app (TOTP) or an emailed code, plus single-use recovery codes. Passwords are hashed with industry-standard PBKDF2 — we never store them in plain text.
Sensitive changes — stock corrections, price edits, approvals, expenses — are recorded with who did it, when, and the before-and-after values. Owners and managers can review exactly what staff changed.
In production the site runs over HTTPS with HSTS, secure cookies and an automatic HTTP → HTTPS redirect, so data is encrypted in transit between your browser and our servers.
Card payments are processed by Stripe, Paystack and Flutterwave. Secret keys live only in server environment configuration — never in the browser, never in our code — and every webhook signature is verified.
Login, 2FA, registration and public forms are rate-limited per IP, and a security layer blocks scanners and site-rippers. Hardening headers (CSP, nosniff, frame protection) ship on every response.
Your data belongs to you. Business owners can export their full records (CSV / JSON / Excel / PDF) any time — EAZYDEV is designed to reduce vendor lock-in. The production database runs on managed PostgreSQL with operational backups, and automated Google Cloud backup is available on Business plan and above. Exports are permission-controlled and audit-logged.
We collect only what the service needs, never sell your data, and keep logs free of passwords, tokens and payment secrets. Optional cookies are off until you allow them.
No jargon. Here is what we promise about your business data.
Designed around Nigeria Data Protection Act (NDPA) / NDPC privacy principles.
We build EAZYDEV with privacy-first principles aligned to the Nigeria Data Protection Act and NDPC guidance. In practice that means:
Read the full Privacy Policy and Cookie Policy for details on what we collect, how we use it, and who processes it on our behalf.
We are honest about where we are. These are the standards we design around and are working toward — not certifications we claim to already hold.
Our privacy program is designed around the Nigeria Data Protection Act and NDPC principles. Controls we operate or are putting in place:
We build with the kinds of controls a SOC 2 examination looks for, so an audit is a step we can take rather than a rebuild:
We are happy to walk through how your data is protected. Reach out any time.