GDPR Compliance
Oyeba complies with the General Data Protection Regulation (EU 2016/679). You stay in full control: right of access, rectification, erasure, portability, and objection.
Hosting
All data is hosted on European servers (EU · self-hosted on Coolify, sovereign infrastructure). No data transits or is stored outside the EU without your explicit consent. In the future, we plan to open African data centers to bring latency and data sovereignty closer to home.
Encryption
Connections encrypted with HTTPS/TLS 1.3 everywhere. Data at rest encrypted by Supabase (AES-256). Passwords hashed (bcrypt). Signed, expiring file links.
Roles & permissions
Four strict roles per project: Owner (admin), Editor (modify checkpoints), Contributor (add proofs & messages), Observer (read-only). You decide who sees what. No lateral leakage.
Your rights
Access: request a copy of all your data at any time. Rectification: update or correct your info from settings. Erasure: delete your account and all its data in one click. Portability: export your projects as JSON or PDF. To exercise these rights, write to dpo@oyeba.com.
Incidents & reporting
Responsible disclosure policy. Security reports: security@oyeba.com (PGP key available). Incident notification within 72 hours in the event of a breach, in compliance with Article 33 of the GDPR.