Security

Last updated: 28 May 2026

1. Our Security Philosophy

At Emancip8, security is not an afterthought β€” it is foundational to our platform. We built our AI Executive Assistant infrastructure with a security-first architecture because we understand that our users trust us with sensitive business information, communications, and workflows.

We follow industry best practices, implement defence-in-depth strategies, and regularly review our security posture through independent assessments.

2. Encryption Standards

Data in Transit

All communications between your browser, our APIs, and our infrastructure are encrypted using TLS 1.3. We enforce HTTPS across all endpoints and maintain an A+ rating on SSL Labs assessments.

Data at Rest

Your data is encrypted at rest using AES-256 encryption. Database storage, backups, and file stores all use industry-standard encryption protocols. Encryption keys are managed through secure key management systems with regular rotation.

End-to-End Encryption

Where applicable, select communication channels within our platform support end-to-end encryption, ensuring that only you and your intended recipients can read the content of your messages.

3. Infrastructure Security

  • Hosting: Our infrastructure is hosted on secure, SOC 2-compliant cloud providers with data centres in multiple regions
  • Network security: Private networks, firewalls, intrusion detection systems (IDS), and DDoS protection
  • Access control: Strict least-privilege access policies with multi-factor authentication for all administrative access
  • Isolation: Each user's AI assistant data is isolated through logical and architectural separation
  • Backups: Daily encrypted backups with point-in-time recovery capability

4. Application Security

  • Authentication: Secure authentication via Clerk with support for multi-factor authentication (MFA)
  • Authorization: Role-based access control (RBAC) for all platform features
  • Input validation: All user inputs are validated and sanitized against OWASP Top 10 vulnerabilities
  • Session management: Secure, encrypted session tokens with automatic expiration
  • API security: Rate limiting, API key authentication, and request validation on all endpoints

5. AI Assistant Security

Our AI Executive Assistant platform includes additional security measures specific to AI-powered features:

  • Memory isolation: Each user's AI memory is stored in isolated, encrypted databases β€” no cross-user data leakage
  • Context boundaries: The AI assistant only accesses data and tools explicitly authorised by the user
  • Audit logging: All AI assistant actions are logged and available for review in your dashboard
  • Data minimisation: The assistant processes only the data necessary to fulfil your request
  • User control: You can review, edit, or delete your assistant's memory at any time

6. Compliance & Certifications

  • POPIA: Fully compliant with South Africa's Protection of Personal Information Act
  • GDPR: Aligned with EU General Data Protection Regulation requirements for our European users
  • PCI DSS: All payment processing is handled by Paystack, a PCI DSS Level 1 certified payment processor
  • SOC 2: Our infrastructure providers maintain SOC 2 Type II certifications

7. Vulnerability Management

We maintain an active vulnerability management program that includes:

  • Regular automated vulnerability scanning of our infrastructure and applications
  • Periodic third-party penetration testing
  • Dependency monitoring with automated patch management for critical vulnerabilities
  • A responsible disclosure policy for security researchers

8. Incident Response

We have a documented incident response plan that includes:

  • Immediate containment and investigation of security incidents
  • Notification of affected users within 72 hours of confirmed breaches
  • Coordination with relevant regulatory authorities as required
  • Post-incident review and remediation to prevent recurrence

9. Responsible Disclosure

If you discover a security vulnerability in the Emancip8 platform, we encourage you to report it responsibly. Please email security@emancip8.org with details of the vulnerability. We commit to:

  • Acknowledging receipt within 48 hours
  • Providing regular updates on remediation progress
  • Not pursuing legal action for good-faith research conducted under responsible disclosure
  • Publicly acknowledging researchers who report valid vulnerabilities (with permission)

10. Contact Our Security Team

Security enquiries: security@emancip8.org

DPO: dpo@emancip8.org

Company: LIVEMONEY (Pty) Ltd

Reg No: 2023/542782/07

Address: 2 4th Avenue, Block C, Edenburg, Rivonia, Sandton, Gauteng, 2191