Security

Last updated August 29th, 2025

1. Overview

At TAMS, a platform developed and owned by Ofilix Technology, the security and confidentiality of your data and the personal information of your congregation are our highest priority. We are committed to implementing robust physical, technical, and procedural safeguards to protect your data. This page outlines our comprehensive security framework, compliance certifications, and practices.

2. Compliance & Certifications

NDPR & GDPR Compliance

We are committed to processing all data in compliance with both local and international data protection regulations. Our practices are aligned with the Nigeria Data Protection Regulation (NDPR) and the General Data Protection Regulation (GDPR), ensuring that your data is handled with the highest standards of privacy and protection.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a global set of security requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

TAMS is not a payment processor. We use industry-leading, third-party payment gateways like Paystack, Stripe and other local providers to handle all financial transactions. These providers are certified 'PCI Service Provider Level 1,' which is the most stringent level of certification available in the payments industry. Your payment data is never stored on our servers, ensuring it is handled in a secure, compliant environment.

3. Technical Security and Encryption

We implement strict access controls to protect your data:

Authentication

  • Encryption in Transit: All data transmitted between your browser or mobile app and our servers is encrypted using the industry-standard Transport Layer Security (TLS) protocol. This ensures that your information is protected from interception.
  • Encryption at Rest: Your data is stored in our databases using encryption at rest, providing an additional layer of security against unauthorized access.
  • Secure Authentication: We protect user accounts with robust security measures. All passwords are hashed with a strong one-way password-hashing algorithm (e.g., bcrypt) before being stored. We also implement rate limiting to prevent brute-force attacks.

4. Secure Coding and Development Practices

Our development team follows strict secure coding practices. All code changes undergo a multi-stage review process:

  • Peer Code Review: Every code change is reviewed by another developer on the team to identify potential vulnerabilities.
  • Automated Testing: Code is subjected to a comprehensive automated testing framework to ensure functionality and security.
  • Manual Testing: In addition to automated tests, new features and changes are manually tested to catch any issues that automated processes may miss.

This meticulous approach, while requiring more time, ensures that our production environment runs on a foundation of well-tested, secure code.

5. Data Durability and Recovery

We employ a multi-layered backup strategy to ensure your data is always available and can be recovered in the event of a disaster. We maintain both point-in-time backups and daily snapshots of our databases. This strategy is designed to be resilient to hardware failures, regional outages, and other unforeseen events, allowing us to restore data quickly and with minimal loss.

6. Bug Bounty Program

To proactively identify and address vulnerabilities, we operate a security bug bounty program. We partner with ethical hackers and security researchers to perform continuous penetration testing across our platform. If you are a security researcher and believe you have found a vulnerability, please report it responsibly by emailing us at security@tamshq.com. We are committed to a quick response and resolution.

7. Physical Security

All TAMS servers and data are hosted within secure, industry-leading data centers (e.g., Amazon Web Services). These data centers utilize advanced physical security measures, including:

  • Biometric Access Controls: Limited access to authorized personnel only.
  • 24/7 Surveillance: Constant monitoring to prevent and detect unauthorized entry.
  • Redundancy: Power and network redundancy to ensure continuous operation.

8. Personnel and Internal Security

Ofilix Technology maintains a strong security culture from the top down.

  • Strict Access Controls: Employee access to customer data is strictly limited on a need-to-know basis and is governed by secure, encrypted connections.
  • Employee Confidentiality: All employees are required to sign a non-disclosure agreement (NDA) to protect company and customer data.
  • Security Awareness: Our team understands the importance of data security because many of us use TAMS for our own church administration. We protect your data as if it were our own.

9. Questions

If you have any further questions about our security practices, compliance, or procedures, please do not hesitate to contact us.

  • 📧 Email: support@tamshq.com