Security & Trust

Your client data is the most sensitive asset in your clinic. We treat it that way.

Encrypted at Rest & Transit
All data encrypted with TLS 1.3 in transit and AES-256 at rest
GDPR Compliant
Fully compliant with UK GDPR, EU GDPR 2016/679, and UAE Federal Law No. 45 of 2021
PCI-DSS via PayPal
We never store card numbers. All payments processed by PayPal Level 1 PCI-DSS
Role-Based Access
Staff see only their own clinic's data. No cross-tenant data exposure
Automated Backups
Daily database backups with point-in-time recovery
No Data Selling
We never sell, rent, or share your client data with third parties

Infrastructure

Ngozi CRM runs on enterprise-grade infrastructure:

Data Encryption

Access Controls

Your Client Data

The data you enter about your clients — names, contact details, treatment notes, photos — belongs entirely to you. We operate as a data processor on your behalf.

GDPR Compliance

Ngozi CRM is designed with GDPR compliance in mind:

For DPA requests: privacy@ngozi-crm.beauty

Vulnerability Disclosure

If you discover a security vulnerability in Ngozi CRM, please report it responsibly to security@ngozi-crm.beauty. We will acknowledge your report within 48 hours and aim to remediate critical issues within 7 days. We ask that you do not publicly disclose the issue before we have had a chance to address it.

Questions

Security questions: security@ngozi-crm.beauty