Security & data sovereignty
Personal data lives with the person. The platform never owns it.
One unifying architecture for everyone — organisations, consumers, communities, governments. Personal data in your pod or on your device. Platform data in specific open regions. Aggregate insights as an open commons for the continent.
Personal data lives with the person
Personal data sits on your device or in your Web3 pod, encrypted under your keys. We have no server-side copy and cannot read it. Platform data — the relational and document stores that run the service — lives in specific open regions chosen against an open-data policy, and aggregate insights flow into an open data commons for the continent. POPIA, the Zimbabwe Data Protection Act, and GDPR are the floor for platform-held data, but residency is not the architecture — pod sovereignty is.
Encryption end-to-end
TLS 1.3 in transit, AES-256 at rest, customer-managed key options on Enterprise. Audit logs are append-only and tamper-evident. Backups are encrypted and tested quarterly.
Operated by a small, accountable team
Access is scoped, named, and time-bound. Production changes go through code review and on-call rotation. We publish post-mortems for incidents above an SLO threshold so customers can read what actually happened.
Dignity defaults
No dark patterns, no attention-resale, no biometric collection without explicit consent. Verification ladders exist to give people more capability — not to gate basic dignity behind a queue at a government office.
For the full data architecture — the four ownership categories, where each kind of data lives, and who can read it — see /data.
Reporting a security issue
If you believe you have found a vulnerability in any Nyuchi product or surface, email security@nyuchi.com with reproduction steps. We acknowledge within one business day, coordinate disclosure with you, and credit you in our public security advisories if you'd like.