Effective Date: 26 May 2026
1. Introduction
At Energy Smart Nigeria Ltd ("Energy Smart", "ESN", "we", "our", or "us"), we understand that security is foundational to corporate fuel card services, fleet logistics, and driver biometrics. We are committed to maintaining the highest industry standards of confidentiality, integrity, and availability for all data that you entrust to our platforms.
This document details the security controls, protocols, and best practices we implement across our hardware, cloud infrastructure, internal applications, and administrative operations.
2. Data Encryption Standards
We ensure that sensitive corporate and telemetry data remains encrypted at all times to prevent unauthorized access or interception.
- Data in Transit: All communications between our users and Energy Smart web/mobile platforms are encrypted using industry-standard Transport Layer Security (TLS 1.2 and TLS 1.3) protocols via HTTPS.
- Data at Rest: Database assets, database logs, and file storage backups are encrypted utilizing Advanced Encryption Standard with a 256-bit key length (AES-256), managed through automatic cryptographic key rotation schemes.
3. Access Control & User Authentication
Access to client data is strictly limited to authorized personnel based on the principle of least privilege.
- Role-Based Access Control (RBAC): Administrators can assign specific roles and granular permissions to different departments (e.g., Fleet Manager, Accountant, Driver), ensuring staff only access the data required to perform their duties.
- Multi-Factor Authentication (MFA): Administrative consoles and client portal logins require MFA verification (such as Google Authenticator, SMS, or secure token) to prevent credential theft.
- Session Management: Inactive admin and client portal sessions automatically expire after a set time limit, requiring re-authentication to re-establish secure access.
4. Telemetry & Hardware Security
Energy Smart prevents siphoning, card fraud, and side-refueling through deep integration of hardware controls and telemetry security.
- Biometric Validation: Inquiries and transactions associated with our Biometric Card systems utilize secure biometric templates stored directly on the card chips, ensuring that only the registered driver can authorize transactions.
- Odometer & IoT Validation: The ESN Fleet OS compares actual IoT odometer telemetry against card fuel transactions. Transactions that exceed the vehicle's capacity or are requested at mismatched geographic coordinates are instantly flagged and blocked.
- Restricted Station Profiles (Looped Cards): Hardware-enforced limits ensure that Looped Fuel Cards only work at partnered stations, eliminating transactions at unauthorized vendor portals.
5. Cloud Infrastructure & Physical Safeguards
Our platforms are hosted in secure, world-class cloud data centers that comply with international security frameworks.
- Physical Security: Data centers are protected by 24/7 security personnel, biometric verification checkpoints, video monitoring, and custom server racks.
- Network Safeguards: We employ multi-tiered firewalls, Virtual Private Clouds (VPCs), and Intrusion Detection and Prevention Systems (IDPS) to monitor traffic and block malicious behavior.
- DDoS Mitigation: High-capacity distributed denial-of-service (DDoS) mitigation shields prevent platform downtime, maintaining consistent service availability.
6. Compliance, Audits & Disaster Recovery
ESN holds itself accountable through strict alignment with compliance benchmarks and disaster recovery policies.
- SOC 2 Alignment: Our software and hosting systems are designed in alignment with SOC 2 Type II security principles (Security, Confidentiality, and Processing Integrity).
- Automated Vulnerability Scanning: We conduct continuous automated code and dependency vulnerability scans, ensuring zero unpatched vulnerabilities remain in production.
- Backups & Disaster Recovery: Automated database snapshots are taken hourly and stored in geo-redundant, write-once-read-many (WORM) storage, ensuring complete recovery in the event of an outage or threat.
7. Vulnerability Disclosure Program
We welcome security researchers and clients to report any suspected vulnerabilities or system exploits.
If you identify a potential security issue on our platforms, please contact our security team directly at **security@energysmartng.com**. We pledge to review and remediate all valid disclosures responsibly and promptly.