Trust & Security
As a security company, our own posture is part of the product. Here is how we protect our systems and your data.
Data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Sensitive credentials and API keys are stored using strong, salted hashing and secrets management — never in plaintext.
Access to systems holding personal or client data follows the principle of least privilege, protected by multi-factor authentication and reviewed on a regular basis. People get access only to what their role requires.
Access to sensitive systems is continuously monitored and logged. We retain audit trails to support investigation, accountability, and rapid detection of anything unusual.
We run regular vulnerability assessments and penetration testing against our own systems — the same services we deliver to clients — and remediate findings on a severity-driven schedule.
We maintain a documented incident response plan with defined roles, containment steps, and breach-notification procedures aligned to the 72-hour NDPA requirement. We rehearse it, not just file it.
Our team completes security awareness training and is screened on hire. The humans handling your data are trained to protect it, because most breaches start with people, not technology.
These are the frameworks that shape how we operate. Where a formal certification is in progress rather than complete, we say so on request.
We process personal data in line with the Nigeria Data Protection Regulation and the Nigeria Data Protection Act, with a designated Data Protection Officer and a lawful basis for every processing activity.
Our information security practices are built around the ISO/IEC 27001 management-system approach to risk treatment, controls, and continuous improvement. Our leadership holds Lead Auditor credentials in this standard.
We align our privacy information management with ISO/IEC 27701, the privacy extension to 27001, reflected in how we handle and govern personal data.
For our AI-driven products, we draw on ISO/IEC 42001, the AI management-system standard, to govern model risk, data use, and responsible AI practices.
All card payments are processed by Paystack, a PCI-DSS compliant processor. CycloudForte never stores your card details.
We welcome responsible disclosure and work with researchers in good faith. Our policy explains what is in scope, how to report, and the safe-harbour commitments we make to you.