Privacy & Security Overview

Plain-language summary for institutional reviews. For legal terms, see the Privacy Policy.

Principles

Privacy by design • Least privilege • Data minimization • Institutional ownership • Transparency

Data Ownership & Sovereignty (BYOC)

Institutions own their data. By default, Tekuwami provides secure managed hosting. With Bring Your Own Cloud (BYOC), institutions may host on national cloud/on-prem; in that case, security configuration and compliance of that environment are the institution’s responsibility.

Access Controls & Roles

Role-based access (e.g., Super Admin vs Institution Admin)
Audit trails for accountability
Optional approvals / maker–checker flows per policy

Authentication & Session Security

Modern authentication; strong password policies
Option to enable multi-factor authentication (where available)
Session management and revocation on role/credential changes

Encryption & Transport

TLS for data in transit
Encryption at rest supported in hosting environments (managed or BYOC)

Backups & Retention

Managed hosting: scheduled backups and restore support
BYOC: institution defines backup/retention policies in its environment

Incident Response

Identify → contain → investigate → communicate → remedy
Designated contacts engaged; post-incident review documented

Compliance Mapping (High Level)

This overview supports reviews against national data protection requirements and recognized controls. Institutions may request a lightweight mapping note for their internal standards.

Contact

Questions or requests (e.g., DPA/MoU/security questionnaire): partnership@tekuwami.com.et