Security Policy
Last updated ·
1. Our Approach to Security
FieldAXIS (Activity eXecution and Intelligence System) is a product operated by .
TezBytes builds and operates platforms that hold operationally sensitive information — dealer records, field activity logs, sales data, financial records, and in the case of FieldAXIS ILP, sensitive personal information including identity documents and financial account details belonging to trade influencers and contractors. We treat the security of that information as a foundational responsibility, not an optional feature.
Our security approach is layered. It operates across the infrastructure we run, the applications we build, the processes our team follows, and the controls we place on access to systems and data. Security considerations are present from the moment code is written through to the day-to-day operation of the platform.
2. Infrastructure and Hosting
Our platforms are hosted in professionally managed cloud environments. Production systems are kept logically separate from development and testing environments, so changes and experiments in non-production environments cannot affect Client data or platform availability. Access to our infrastructure is restricted by default and opened only where specifically required.
We monitor our systems continuously to detect unusual behaviour, access attempts, or signs of service degradation. When something requires attention, it is addressed based on the severity and urgency of the situation.
3. Data Protection
All data transmitted between users and our platforms is protected using industry-standard encryption, ensuring that information cannot be read or intercepted as it travels over the network. Data stored within our systems is also encrypted using industry-standard methods, so that even in the event of a physical or logical breach of the storage environment, the data remains unreadable without the appropriate credentials.
Client workspaces on the platform are fully isolated from one another. No Client organisation can access another organisation's data. This isolation is enforced at the infrastructure level and is not dependent on user behaviour or access controls alone.
4. Access Control
Access to systems and data within TezBytes follows a least-privilege principle — each person is given access only to what their role genuinely requires, nothing more. This applies both to TezBytes' own team members accessing internal systems and to the users within a Client's organisation accessing their workspace.
Within the platform, a field representative sees only the information relevant to their territory and activities. A branch manager sees the data for their branch and team. An administrator sees their organisation's full workspace. None of these users can see another organisation's data.
For TezBytes' own administrative and internal systems, additional authentication measures are applied to verify identity before access is granted. These measures are not universally mandated across all access points but are applied where the sensitivity of the system demands it. Access privileges are reviewed periodically and are revoked promptly when a team member changes role or leaves the organisation.
5. Handling of Sensitive Personal Data
Where FieldAXIS ILP is used to collect KYC information from enrolled trade influencers — which may include identity documents, financial account details, and other sensitive personal information — that data is handled with specific additional care. Access to it is restricted to the Client's authorised administrators and to TezBytes personnel with a documented and verified operational need. It is processed only for the stated purposes of identity verification and reward redemption. It is not shared beyond what is necessary for those purposes, and its retention is limited to the period of active programme participation.
6. Secure Development
Security is considered throughout our development process, not applied as an afterthought at the end. Our team follows secure coding practices and code is reviewed before deployment. Security checks are built into the development and release workflow. When vulnerabilities are identified — whether through internal review or external disclosure — they are assessed and addressed in order of their severity and the risk they present.
7. Backups and Recovery
We maintain automated daily backups of platform data. These backups allow us to restore data in the event of an incident. Recovery procedures are reviewed and tested periodically so that in a real situation, the path to restoration is known and practised rather than improvised.
8. Incident Response
We maintain documented procedures for responding to security incidents. When a potential incident is identified, it is investigated, contained, and addressed in accordance with those procedures. Where applicable law or a contractual obligation requires us to notify affected parties of a confirmed data incident, we will do so within the timeframes required.
If you are a security researcher or an external party who has identified a potential vulnerability in our platform, we welcome responsible disclosure. Please contact us at . We will acknowledge your report within 48 hours and work with you on remediation in good faith.
9. Updates
This policy may be updated as our technology, infrastructure, or regulatory environment changes. Updates will be published on this page with a revised date.