Your data, locked down.
Encryption in transit and at rest. Daily backups. Role-based access. NDPR and GDPR principles followed. You own your records — always.
Encryption in transit & at rest
Every connection between you, the WhatsApp bot, and our dashboard uses TLS 1.2+. Sensitive fields are encrypted at rest in the database with AES-256. Backups are encrypted with separate keys.
Role-based access
Owners see everything. Staff only see what you allow. Per-user audit logs record who recorded which sale, expense, or stock change — so disputes resolve in minutes, not days.
Daily automated backups
Full database snapshots every 24 hours, retained for 30 days. Point-in-time recovery within the last 7 days. Backups live in a different region from the primary database.
Hardened infrastructure
Servers run on Hetzner with SSH key-only access, firewall rules locked to known sources, automatic OS security patches, and intrusion detection. No SSH password logins, ever.
You own your data
Export sales, expenses, inventory, contacts, and reservations as CSV any time from the dashboard. Cancel and delete and we permanently wipe your records within 30 days.
No third-party tracking
No advertising pixels, no cross-site trackers, no behavioral profiling. The only data we process is what you explicitly send us. We never sell or share business records with anyone.
How we map to the standards that matter
We don't claim certifications we haven't earned. Here's exactly where we are.
Built to align with the Nigeria Data Protection Regulation. Data Protection Officer designated. Data Subject Access Requests honored within 30 days.
European data subjects have the same rights — access, correction, deletion, portability, objection — even though our primary jurisdiction is Nigeria.
We never store card numbers ourselves. All card payments are processed by Paystack and Flutterwave, which are PCI-DSS Level 1 compliant.
Internal controls documented; external audit planned within the next 12 months. Track our progress at trust.ojunai.com once published.
Security questions
Where is my data physically stored?
Production database and primary application servers run in Hetzner data centers in Germany (Falkenstein region). Backups are replicated to a secondary region. We chose European hosting for the strong default privacy posture, even though most of our customers are in Africa.
How do I report a security issue?
Email security@ojunai.com with details. We aim to acknowledge within 24 hours and triage within 72. Coordinated disclosure is welcomed; we do not pursue legal action against good-faith researchers.
What happens during an outage?
Our target is 99.5% monthly uptime. Real-time status will be at status.ojunai.com once published; for now, we send WhatsApp updates to affected customers within 30 minutes of detection. Post-incident reviews are shared by email when impact warrants it.
Can I get a Data Processing Agreement (DPA)?
Yes — for Business plan customers and for any customer in a regulated industry. Email contact@ojunai.com and we will send our standard DPA template.
For security disclosures or DPA requests: security@ojunai.com
Start running your business smarter today
Join African business owners using Ojunai to save time, reduce loss, and grow profit — in under 2 minutes.
No credit card. 1 month free. Sign up, then message the bot.