How we protect you.
Your money, your identity, and your data. The architectural details below are what separate us from lenders that take shortcuts.
Encryption, end-to-end
AES-256 encryption at rest for all sensitive data. TLS 1.3 for every byte in transit. Tokens are short-lived and rotated. BVNs and NINs are stored encrypted and never appear in logs or analytics pipelines.
Bank-grade deposits
Your wallet balances are held at our CBN-licensed partner Microfinance Bank and are NDIC-protected up to ₦500,000 per depositor. Savings Vault funds are deployed through a SEC-licensed custodian into T-bills and money-market instruments.
Multi-factor authentication
MFA is available on every account and required for sensitive actions like large transfers or changing your linked bank. We support SMS OTP, authenticator apps, and device-bound tokens.
Fraud monitoring
Every transaction runs through our real-time fraud model before it settles. We look at behavioural signals, device fingerprints, and known-bad patterns. Suspicious activity triggers a hold and an in-app confirmation, not a frozen account.
Access controls
Only the engineers and operations staff who need data for their role can access it. Every access is logged, every privileged action is reviewed. We use the principle of least privilege everywhere.
Third-party audits
Our security posture is audited annually by an independent firm. Our infrastructure providers (Google Cloud, our payment processor) maintain SOC 2, PCI DSS, and ISO 27001 certifications.
Found a vulnerability?
We take security seriously and run a responsible-disclosure program. Email security@alawee.ng with details of the issue. We'll respond within 24 hours and reward qualifying reports (₦50K-₦500K depending on severity) once we've validated them.
Please do not disclose the vulnerability publicly until we've had a reasonable chance to fix it.