Security Guidelines
Effective Date: 11th November 2023Last Updated: 1st October, 2025
These Security Guidelines outline the measures, responsibilities, and best practices that protect all users, developers, and partners across Netapps Technologies Limited, including Netapps Marketplace Limited, Netapps Aggregators Limited, Netapps Microfinance Bank Limited, and Netapps Africloud Limited (collectively referred to as “Netapps Products & Services”). Security is a shared responsibility.
You (users, developers, and partners) must take steps to safeguard your accounts and data.
We (Netapps) are committed to securing our platforms, systems, and infrastructure with industry-leading standards.
1. User Security Guidelines
1.1 Account & Profile Security
Guidelines to protect user accounts and profiles.Guidelines to protect user accounts and profiles.Guidelines to protect user accounts and profiles.Guidelines to protect user accounts and profiles.
- Your username must match your registered email or phone number. Usernames cannot be modified without contacting Netapps Support.
- Keep your password confidential. If compromised, reset it immediately using the in-app feature.
- Two-Factor Authentication (2FA) is strongly recommended. Options include “Always remember” or “On Each Login.”
1.2 Password & PIN Management
- Use strong, unique passwords (avoid names, dates, or reused credentials).
- Change your password at least every 90 days.
- Never disclose your password, PIN, or OTP — not even to Netapps staff.
- Always keep your PIN private and distinct from your password.
1.3 Session & Transaction Control
- Sessions automatically expire after 1 hour of inactivity to minimize risk.
- Certain KYC-level accounts may customize session timeouts.
- All sensitive transactions require re-entry of your PIN.
1.4 Recognizing Phishing & Fraud
- Netapps will never request your password, card details, or PIN via SMS, email, or phone.
- Verify URLs before logging in: look for https:// and the padlock symbol.
- Beware of fake domains (e.g., “netAPps” or “Net-Apps”) and poorly worded websites.
- Do not click links from unverified SMS, WhatsApp, or social media messages.
2. Developer & Partner Security Guidelines
2.1 API & Integration Security
- Keep your API keys, SDK credentials, and tokens confidential. Do not hard-code them into public repositories.
- Rotate API keys regularly and immediately revoke compromised keys.
- Use the sandbox environment for testing — never use live credentials in development.
2.2 Access Control
- Restrict access to API keys and credentials to authorized team members only.
- Apply the principle of least privilege when assigning user roles and access.
2.3 Data Handling & Compliance
- Ensure that personal data collected via Netapps APIs is stored, processed, and transmitted in compliance with NDPR, GDPR, and other applicable data protection laws.
- Do not retain or share sensitive user data beyond the purpose of integration.
2.4 Reporting & Support
- Report suspected API misuse, fraud, or security vulnerabilities to security@netapps.ng.
- Partners who fail to comply with integration security standards may face suspension of services.
3. Netapps Commitments to Security
3.1 Encryption & Data Security
- All sensitive data is encrypted in transit (TLS/SSL) and at rest (AES-256).
- Regular penetration tests and vulnerability scans are performed on all systems.
3.2 Compliance & Certification
- PCI DSS Level 1 Certified — audited by an independent PCI Qualified Security Assessor (QSA).
- Licensed Payment System Service Provider (PSSP) by the Central Bank of Nigeria (CBN).
- Adherence to NDPR (Nigeria Data Protection Regulation), GDPR, and global best practices.
- Certified to ISO/IEC 27001:2022 for Information Security Management Systems (ISMS).
3.3 Monitoring & Fraud Prevention
- Continuous monitoring of transactions to detect suspicious activities.
- Multi-layered fraud prevention including velocity checks, anomaly detection, and AI-based risk scoring.
3.4 Incident Response & User Protection
- In the event of a suspected security breach, Netapps will immediately investigate and contain the threat.
- Notify affected users and regulators as required by law.
- Provide guidance on steps to secure accounts.
3.5 Transparency & Trust
- Netapps regularly updates these Security Guidelines in line with evolving cyber threats.
- Users, developers, and partners will be notified of significant changes.
Contact & Reporting
If you suspect fraud, phishing, or unauthorized access, contact: