Information Security and IT Documentation
At OneConnect, we care deeply about privacy. We believe in transparency, and we are committed to being upfront about our privacy practices, including how we treat your personal information.
EduFin is dedicated to upholding the highest standards of security, compliance, and system integrity to ensure the protection of user data. Our approach aligns with globally recognized data protection regulations and best practices, providing a secure and reliable platform for our users. By leveraging robust security protocols and an advanced cloud infrastructure, EduFin mitigates risks and ensures seamless operations while adhering to strict legal and regulatory requirements.
EduFin is hosted within a South African AWS data center, ensuring full compliance with the Protection of Personal Information Act (POPIA) and recognizing the General Data Protection Regulation (GDPR) as an additional layer of security and privacy commitment. Our hosting strategy prioritizes:
- Data Sovereignty: All data is stored and processed within South Africa, ensuring compliance with local data protection laws.
- Regulatory Compliance: EduFin continuously monitors and updates its security policies to align with POPIA and GDPR requirements.
- Third-Party Assessments: Regular security audits and compliance reviews ensure adherence to evolving legal frameworks.
EduFin employs a multi-layered security approach to safeguard user information against unauthorized access, cyber threats, and potential vulnerabilities.
Authentication and Access Control
- Multi-Factor Authentication (MFA): Users must verify their identity using multiple authentication factors to prevent unauthorized access.
- Role-Based Access Control (RBAC): Permissions and data access are strictly controlled based on user roles and responsibilities.
- Secure API Authentication: Encrypted API keys and OAuth-based authentication mechanisms ensure secure data exchanges.
- Session Management: Automatic session timeouts and re-authentication protocols prevent unauthorized access due to inactive sessions.
Data Encryption
EduFin enforces stringent encryption policies to protect data integrity and confidentiality:
- Encryption in Transit: All data transmissions are secured using TLS 1.2+ encryption protocols, ensuring end-to-end security during data exchange.
- Encryption at Rest: Stored data is encrypted using AES-256 encryption, safeguarding sensitive information from potential breaches.
- Key Management: Encryption keys are securely managed and rotated regularly using AWS Key Management Service (KMS).
Data Privacy and Compliance
To ensure data privacy and compliance with applicable regulations, EduFin adheres to the following best practices:
- Data Minimization: Only necessary data is collected and processed, reducing exposure to risks.
- Regular Compliance Audits: Internal and third-party audits validate compliance with POPIA, GDPR, and industry-specific regulations.
- User Rights Management: Users have full control over their data, including access, correction, and deletion rights in accordance with privacy laws.
- Data Processing Agreements (DPAs): Contracts with third-party vendors ensure data processing adheres to regulatory obligations.
EduFin’s cloud infrastructure is designed for high availability, scalability, and disaster recovery. The platform is built on AWS cloud services with:
- Load Balancing and Auto-Scaling: Ensures optimal performance even during peak usage periods.
- Redundant Backups: Frequent and geographically distributed backups prevent data loss and enable rapid recovery in case of failures.
- Disaster Recovery and Business Continuity Planning: A comprehensive strategy ensures minimal disruption to services in case of unexpected events.
- Zero Downtime Deployments: Rolling updates and blue-green deployments prevent service interruptions.
EduFin employs advanced monitoring systems and an incident response framework to ensure rapid detection and resolution of security threats.
Threat Detection and Prevention
- Real-Time Threat Detection: Continuous security monitoring with AWS Security Hub, GuardDuty, and CloudTrail to identify potential risks.
- Anomaly Detection: AI-driven analysis detects suspicious activities and unauthorized access attempts.
- Automated Incident Response: Immediate containment of security incidents through automated remediation protocols.
Security Logging and Auditing
- Comprehensive Audit Logs: All user activities and system transactions are logged for forensic analysis and compliance verification.
- Regular Security Assessments: Periodic penetration testing and vulnerability scanning ensure proactive threat mitigation.
For any security concerns, inquiries, or incident reporting, users can contact the EduFin Security Team via:
- Email: support@oneconnect.co.za
EduFin remains committed to continuous improvements in security, compliance, and data protection, ensuring a trustworthy and resilient platform for all users.