Your data is safe with ClyCites

ClyCites is hosted on AWS infrastructure across multiple availability zones in Africa (Lagos, Cape Town). All infrastructure is managed using infrastructure-as-code with automated security scanning and compliance checks.

Our servers are protected by cloud-native firewalls, intrusion detection systems, and automated vulnerability scanning. We perform regular patching cycles and respond to critical CVEs within 24 hours.

All data in transit is protected using TLS 1.3 with strong cipher suites. All data at rest is encrypted using AES-256 encryption. Database backups are encrypted with separate key management.

Cryptographic keys are managed using AWS KMS with automatic rotation. We never store sensitive credentials in plain text — all passwords are hashed using bcrypt with appropriate cost factors.

ClyCites uses multi-factor authentication (MFA) for all staff access and supports MFA for user accounts. We implement role-based access control (RBAC) with the principle of least privilege.

Session tokens use short expiry times with secure refresh mechanisms. All administrative actions are logged and require explicit user consent. API keys are scoped and can be revoked at any time.

All payment processing is PCI-DSS compliant. We do not store full card numbers or CVV codes. Payment data is handled by certified payment processors (Stripe, Pesapal, Flutterwave).

Our escrow system uses multi-party authorization — payments require confirmation from both buyer and seller before release.

Every user action, API call, and data modification is logged in immutable audit logs with user, timestamp, IP address, and action type. Logs are retained for a minimum of 2 years.

We operate a 24/7 security monitoring system with automated alerting for anomalous behaviour patterns. Security events are triaged by our security team within 1 hour.

Your farm data belongs to you. ClyCites will never sell or share your personal data with third parties for advertising or commercial purposes. Data sharing for research or programme delivery requires explicit, revocable consent.

We comply with the Uganda Data Protection and Privacy Act (2019), Kenya Data Protection Act (2019), and the EU General Data Protection Regulation (GDPR). Data is stored within Africa-region data centers.

ClyCites operates a responsible disclosure programme. If you discover a security vulnerability, please contact us at security@clycites.com. We will acknowledge your report within 48 hours and work with you to address the issue.

We do not pursue legal action against security researchers who follow our responsible disclosure guidelines.