Security

Your data, your home.

Last updated : June 10, 2026

We treat your information the way we'd treat our own family's — because it often is our family's. Here's how we protect what you entrust to us.

GDPR Compliance

Oyeba complies with the General Data Protection Regulation (EU 2016/679). You stay in full control: right of access, rectification, erasure, portability, and objection.

Hosting

All data is hosted on European servers (EU · self-hosted on Coolify, sovereign infrastructure). No data transits or is stored outside the EU without your explicit consent. In the future, we plan to open African data centers to bring latency and data sovereignty closer to home.

Encryption

Connections encrypted with HTTPS/TLS 1.3 everywhere. Data at rest encrypted by Supabase (AES-256). Passwords hashed (bcrypt). Signed, expiring file links.

Roles & permissions

Four strict roles per project: Owner (admin), Editor (modify checkpoints), Contributor (add proofs & messages), Observer (read-only). You decide who sees what. No lateral leakage.

Your rights

Access: request a copy of all your data at any time. Rectification: update or correct your info from settings. Erasure: delete your account and all its data in one click. Portability: export your projects as JSON or PDF. To exercise these rights, write to dpo@oyeba.com.

Incidents & reporting

Responsible disclosure policy. Security reports: security@oyeba.com (PGP key available). Incident notification within 72 hours in the event of a breach, in compliance with Article 33 of the GDPR.

Back to top

A question, an idea, a project?

Write to us · we reply personally, and fast.