Security & privacy

Your data, your home.

We handle your information the way we'd handle our own family's — because often, we are.

GDPR compliance

Oyeba is compliant with the General Data Protection Regulation (EU 2016/679). You keep full control through your rights of access, rectification, erasure, portability and objection.

Hosting

All data is hosted on European servers (EU, self-hosted on Coolify, sovereign infrastructure). No data leaves the EU or is stored outside it without your explicit consent. We plan to add African datacenters to reduce latency and increase sovereignty.

Encryption

HTTPS/TLS 1.3 connections everywhere. Data at rest encrypted by Supabase (AES-256). Passwords hashed (bcrypt). Signed, expiring file URLs.

Roles & permissions

Four strict roles per project: Owner (admin), Editor (modify milestones), Contributor (add proofs & messages), Observer (read-only). You decide who sees what. No lateral leaks.

Incidents & reporting

Responsible disclosure policy. Security reports: security@oyeba.com (PGP key available). Incident notification within 72h in case of breach, per GDPR Article 33.

Your rights

  • Access: request a copy of all your data anytime.

  • Rectification: edit or correct your info from settings.

  • Erasure: delete your account and all its data in one click.

  • Portability: export your projects in JSON or PDF.

To exercise these rights: dpo@oyeba.com