This page distils the security, privacy, and service-level commitments from the Nukodes Privacy Policy, Terms and Conditions, and Service Level Agreement.
Security Programme
Nukodes uses commercially reasonable technical and organisational measures designed to protect the Service and Customer Data, taking account of the nature of the data, implementation costs, processing risk, and available technology.
Controls described in the legal documents include access controls, role-based permissions, provider controls, secure development practices, monitoring, backups, incident review, data minimisation, and internal confidentiality obligations.
No online, mobile, sync, provider, or local-storage system is perfectly secure. Customers remain responsible for account governance, device security, user training, provider configurations, and internal controls.
Accounts, Roles and Device Security
- Customers are responsible for administrator actions, role assignments, provider connections, business settings, invitations, removals, and user permissions.
- Users must protect passwords, sessions, devices, one-time codes, API keys, provider credentials, and access tokens.
- Customers should use supported devices, current app versions, reasonable security controls, adequate storage, and stable connectivity.
- Lost, stolen, reassigned, rooted, jailbroken, or compromised devices should be reported promptly so Nukodes can revoke sessions, require re-authentication, or take other protective measures.
Offline Sync and Local Storage
Nukodes supports offline workflows by storing selected Customer Data locally on devices and syncing data when connectivity, permissions, versions, provider availability, and access controls permit.
Offline operation may be limited by device storage, operating-system behaviour, local database state, and customer configuration. Offline edits, imports, provider data, role changes, stock movements, duplicate records, delayed network connections, and local device failures may create conflicts or stale data.
Customers should review operational records before relying on them for inventory, payment, tax, or accounting decisions.
Incident and Breach Response
Nukodes uses commercially reasonable monitoring, logging, provider alerts, customer reports, and internal review processes to identify incidents affecting covered hosted production services.
For confirmed material incidents, Nukodes may provide status updates through email, in-product notice, status page, or another reasonable channel. Communications may be limited where disclosure would create security, legal, privacy, or provider-confidentiality risk.
Where Nukodes becomes aware of a personal-data breach requiring notification under Nigerian data-protection law, Nukodes will take reasonable steps to investigate, mitigate, document, and notify the NDPC within 72 hours where required, and notify affected data subjects without undue delay where the breach is likely to result in high risk.
Availability and Support
Nukodes will use commercially reasonable efforts to make covered hosted production components available at least 99.5% of each calendar month.
Local device availability, customer connectivity, sync backlog caused by customer devices, and customer-managed local storage are not measured as hosted-service uptime.
Unless a paid order form expressly grants a service credit or other remedy, missed targets are handled through incident response, remediation, and support escalation rather than automatic credits.
| Priority | Examples | Acknowledgement target | Update target |
|---|---|---|---|
| P1 Critical | Broad production outage, inability for most customers to access core hosted service, or material data-integrity risk. | 4 Business Hours | Daily during Business Hours until mitigated. |
| P2 High | Major feature unavailable for a customer organisation with no reasonable workaround. | 1 Business Day | Every 2 Business Days while actively investigated. |
| P3 Normal | Non-critical defect, degraded feature, reporting inconsistency, or issue with workaround. | 2 Business Days | Status updates as materially available. |
| P4 Low | How-to question, minor defect, documentation issue, cosmetic issue, or enhancement request. | 3 Business Days | As appropriate. |
Third-Party Dependencies
The Service may rely on Third-Party Services enabled by Nukodes or by customer configuration, including hosting/database/storage, PowerSync, UploadThing, Trigger.dev, PostHog, Resend, SignalWire, Termii, JsonReceipt, Google Gemini, Mono, Paystack, Moniepoint, OPay, Piggyvest, Breet, Shipbubble, FIRS systems, app-store services, and device operating systems.
Nukodes is not responsible for outages, delays, rate limits, policy changes, rejected transactions, settlement delays, provider verification requirements, provider data quality, regulatory downtime, or integration changes caused by Third-Party Services outside Nukodes control.
Customer Responsibilities
- Maintain secure devices, supported operating systems, updated app versions, stable connectivity, proper permissions, and adequate local storage for offline sync.
- Configure user roles, access controls, provider credentials, tax settings, and organisation data accurately.
- Promptly report suspected incidents, unauthorised access, provider errors, data-quality issues, or sync anomalies.
- Back up or export business records as needed for internal accounting, tax, audit, and continuity obligations.
- Avoid submitting secrets, passwords, payment-card data, government identifiers, or special-category data unless the feature expressly requests it and a lawful basis exists.
Privacy and Compliance Posture
Personal data is handled under the Nukodes Privacy Policy and any applicable data-processing agreement. Customers must provide required notices, obtain consents where needed, and establish lawful bases for personal data they upload or configure in the Service.
For business records a customer controls, the customer is usually the controller and Nukodes is usually a processor or service provider. For account administration, product security, billing, analytics, and compliance records, Nukodes may act as an independent controller.
Nukodes avoids claiming certification, banking licence, tax-authority status, regulator endorsement, or completed DPCO filing unless those claims are supported by signed documentation.