Trust & Security

Security Statement

Last updated: April 2026 · Region: Global

🔒 SOC 2 Aligned · End-to-End Encrypted · Zero-Knowledge Architecture

1. Our Commitment

Security is foundational to Eshieton Group's operations. As a project intelligence firm handling sensitive client delivery data across 12+ countries and 21 sectors, we treat information security as a non-negotiable operational requirement.

2. Platform Infrastructure

Authentication managed by Supabase Auth with industry-standard JWT tokens
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Row-Level Security (RLS) enforced at the database layer
Session tokens expire automatically and are invalidated on sign-out
No passwords stored in plaintext — all credentials hashed using bcrypt
Production deployments served via Netlify's global CDN with DDoS protection

3. Data Isolation

Client project data in Foresight™ is logically isolated per client. No client can access another client's data. Row-Level Security policies are enforced at the Supabase database layer — providing defence-in-depth even if application logic were bypassed.

4. Access Control

Password-gate session verification for admin access
Supabase Auth session tokens for consultant and client access
Session expiry enforced — tokens checked on every page load
Role-based access: Admin, Consultant, Client, and Student roles each have distinct permissions

5. Diagnostic Tool Data

Data submitted through our diagnostic tools is transmitted directly to our Supabase database over TLS. No diagnostic response data is stored in browser local storage beyond the current session.

6. Third-Party Security

Supabase — SOC 2 Type II certified, GDPR-compliant
Netlify — SOC 2 Type II certified, enterprise CDN
Cloudflare — global DDoS mitigation
Google Workspace — ISO 27001 certified

7. Vulnerability Disclosure

If you discover a security vulnerability, report it responsibly to security@eshieton.com. We acknowledge valid reports within 48 hours and resolve critical issues within 7 days. We do not pursue legal action against researchers who act in good faith.

8. Incident Response

In the event of a data breach affecting personal data, we will notify affected users and relevant authorities within 72 hours of becoming aware, in accordance with NDPA 2023 and UK GDPR.

9. Region & Jurisdiction

Eshieton Group operates globally. Our primary data processing region is the European Union (Supabase EU region). All pricing is displayed in USD.

🌍 REGION: GLOBAL 💵 CURRENCY: USD 🇳🇬 PRIMARY: ABUJA, NIGERIA 🇬🇧 SECONDARY: LONDON, UK

10. Contact

Security enquiries: security@eshieton.com
Legal and compliance: legal@eshieton.com