Security Policy
Last updated: January 15, 2026
At Exprt.Pro, trust is our currency. We employ enterprise-grade security measures to protect your data, your payments, and your identity.
1. Infrastructure Security
- Cloud Security: Our platform is hosted on Tier-1 cloud providers (Vercel/AWS) with ISO 27001 certification.
- DDoS Protection: We utilize advanced DDoS mitigation services to ensure 99.9% uptime.
- Firewalls: Web Application Firewalls (WAF) protect against common threats like SQL injection and Cross-Site Scripting (XSS).
2. Data Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or 1.3 with valid certificates. We force HTTPS for all connections.
- At Rest: Sensitive database fields are encrypted at rest using AES-256 encryption standards.
3. Payment Security
- PCI-DSS Compliance: Exprt.Pro does not store your full credit card information on our servers.
- Tokenization: We use tokenization technology provided by our payment partners (Paystack, Stripe) to handle payments securely. These partners are PCI-DSS Level 1 Service Providers.
4. Access Control
- Least Privilege: Internal access to data is granted on a "need-to-know" basis.
- 2FA: Two-Factor Authentication is enforced for all administrative access.
- Audit Logs: We keep immutable logs of all sensitive actions for security auditing.
5. Vulnerability Disclosure
We welcome the help of the security community. If you discover a vulnerability, please report it to security@exprt.pro. We pledge to investigate all reports and resolve validated issues promptly.
Note: Detailed bug bounty program terms are available upon request.
6. Compliance
We conduct annual security audits to ensure compliance with the Nigeria Data Protection Act (NDPA) and other relevant regional regulations.