Security Policy for Uzabiz
Effective Date: June 30, 2025
Last Updated: June 30, 2025
Uzabiz is committed to protecting the confidentiality, integrity, and availability of customer data and maintaining a secure environment for our WhatsApp and Telegram marketing automation services.
1. Data Protection
- All customer data is encrypted in transit (TLS 1.2+) and at rest using industry-standard encryption protocols.
- Passwords are stored using strong hashing algorithms (e.g., bcrypt).
- Access to sensitive data is restricted to authorized personnel only, following the principle of least privilege.
2. User Authentication
- All users must authenticate using secure login credentials.
- We support session management with automatic timeouts and IP/device checks.
- Admin users may have access to multi-factor authentication (MFA) if enabled.
3. Platform & Infrastructure Security
- Uzabiz is hosted on secure cloud infrastructure (e.g., AWS, DigitalOcean, or equivalent) with:
  - Firewall protection
  - Continuous monitoring
  - Regular vulnerability scans
  - Routine software updates and security patches
4. Application Security
- Regular code reviews and testing (including automated vulnerability scanning)
- Input validation and protection against common threats (XSS, CSRF, SQL injection)
- Rate limiting on API calls to prevent abuse
5. Incident Response
- We maintain an internal Incident Response Plan to address data breaches or unauthorized access.
- In the event of a confirmed breach affecting your data, we will notify you within 72 hours, per applicable laws.
6. Backups & Redundancy
- Daily encrypted backups of customer data are taken and stored in secure, geographically separate locations.
- We conduct periodic disaster recovery testing to ensure data availability.
7. Customer Responsibilities
To help keep your data secure, we recommend that customers:
- Use strong, unique passwords for their Uzabiz accounts
- Keep login credentials confidential
- Regularly review account activity
- Immediately notify us of any suspicious activity
8. Compliance & Standards
While Uzabiz is not yet certified under specific frameworks (e.g., ISO 27001, SOC 2), our practices align with global best standards for SaaS security and privacy (including GDPR compliance for international users).
9. Contact
For security-related concerns or to report vulnerabilities:
📧 security@uzabiz.africa