Security

At Seamfix, we are committed to running a world class, secure, reliable and trusted cloud service. For us, ensuring safety of your work and data is topmost priority and we show it in numerous ways which we have explained below.

We are committed to securing your data and as a result have subdued our solution to numerous Vulnerability and Penetration tests by one of Nigeria’s leading consulting and integration firm with special focus in System Compliance and Cyber-security.

BioRegistra services are hosted on the Amazon Cloud Platform, and many of the specifics and compliances in this document reflect the ways in which we leverage the massive investments that Amazon itself makes in security to the benefit of our customers.

Application Security

Authentication

To reduce the risk of unauthorized access to data, BioRegistra employs authentication for administrative access to systems with more highly classified data. Where possible and appropriate, BioRegistra uses token IDs for authentication. For example, calls to the backend servers require connection using system generated token that combines numerous metrices like time of request, ID of device, role of user, etc. before calls are honored.

Where passwords are used, they are required to be complex (length, combination, among other requirements).

Audit Trail for activity monitoring

With our audit trail reports, you can track the activity of your agents and Other users on your project. This helps you monitor and track in cases where You need to do any form of auditing on your account. You can also export this Report in multiple formats to be used outside the system. Also, BioRegistra possesses integrated real-time client analytics which probes, stores, and monitors all key activities done on a device.

User and data account privacy

BioRegistra is a cloud service platform, however, we take maximum Caution to ensure your data is only accessible by you or your other users That you have granted the privilege to. You can also assign different roles with different privileges as you desire.

Customer Payment Information

We use Flutterwave’s RavePay for payment processing and do not store any Debit card information or Bank account details. RavePay is a trusted, PCI-DSS Compliant gateway.

API and Integrations

All access to BioRegistra API endpoints require an authentication key that is generated on demand for customers. Integrations can also be disabled at any time if any fraudulent activity is suspected.

System Security

Servers and Networking

All servers that run BioRegistra software in production are recent, continuously patched systems. Additional hosted services that we utilize are comprehensively hardened platforms.

Our web servers use the HTTPS security so that requests are protected from man-in-the-middle attacks. We utilize industry standard security such as GlobalSign SSL for 128-bit encryption of your information, same as used by many top organizations and financial institutions.

Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.

Root Access Detection

Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. When a device is rooted, a user can access root data on the device at will. However, one security feature on BioRegistra is that the application for android devices cannot run on rooted android devices, thereby avoiding manual data access and manipulation.

Secure Data encryption and Transportation

We secure your data in all digital states – when it is at rest, when it is in transit and when it is in use.

Data at Rest – Encryption of captured data (Using AES) to ensure data safety and data integrity.

Data in Use - With controlled access and authentications in place, data in use is protected against suspicious users and potential threats.

Data in Transit – HTTPS connections between the client and the backend is used to ensure efficient security while data is being transported at the Layer 4 (Transport Layer).

Operational Security

Policies and standards

Seamfix maintains a set of policies, standards, procedures and guidelines that provide the BioRegistra workforce with the “rules of the road” for operating BioRegistra's ISMS. Our security documents help ensure that BioRegistra customers can rely on our workers to behave ethically and for our service to operate securely.

Code Reviews and Production Signoffs

All changes to source code destined for production systems are subject to pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.

Prior to updating production services, all contributors to the updated software version are required to approve that their changes are working as intended on staging servers.

Disaster Recovery

With data automatically backed up and replicated across multiple redundant nodes and across regions, you are safe from a single point of failure without requiring significant upfront investment in infrastructure.

Periodic Vulnerability and Penetration tests

BioRegistra engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with BioRegistra management. BioRegistra's Security Team reviews and prioritizes the reported findings and tracks them to resolution.