1. Our Commitment to Security
At NaijaLawBot, protecting the confidentiality, integrity, and availability of our users' data is our top priority. We implement robust technical and organizational measures aligned with industry standards and the Nigeria Data Protection Act (NDPA) 2023.
2. Data Encryption
- In Transit: All data transmitted between your device and our servers is encrypted using strong TLS (Transport Layer Security) 1.2 or higher protocols.
- At Rest: Sensitive data stored in our databases is encrypted using AES-256 standard encryption.
3. Access Control
We adhere to the principle of "least privilege." Access to production data is strictly limited to authorized personnel who require it for engineering support or maintenance purposes. Multi-Factor Authentication (MFA) is enforced for all administrative access.
4. Infrastructure Security
Our platform is hosted on secure, world-class cloud infrastructure providers (such as Vercel and AWS) that maintain ISO 27001, SOC 2, and PCI-DSS certifications. We employ web application firewalls (WAF) and DDoS protection to safeguard against external attacks.
5. Incident Response
We have a defined incident response plan to address any potential security breaches. In the unlikely event of a data breach, we will notify affected users and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, as mandated by law.
6. Vulnerability Disclosure
If you believe you have found a security vulnerability in NaijaLawBot, please report it to us immediately at security@naijalawbot.com. We appreciate your help in keeping our platform safe.