Your harvest data, protected by design
Coffee volumes, buyer contracts, and grower payments are sensitive. Here's exactly how we protect them.
This page describes BunnaLink's current security posture. Specific certifications and tools may vary — contact our team for the details relevant to your compliance requirements.
What we do
Encryption in transit and at rest
All traffic between your browser and BunnaLink uses TLS 1.2+ with modern cipher suites. Database storage uses AES-256 encryption at rest. Backups inherit the same encryption.
Backups you can depend on
Automated daily backups are retained for 30 days, and weekly backups are retained for 90 days. Backups are stored in a geographically separate region. Recovery is routinely tested, not just theoretical.
Role-based access control
Every user has a role. Every role has explicit permissions. Field agents see only what they need. Finance teams see only what they need. No shared admin accounts, no "everyone is admin" modes.
Authentication
Strong password policies are enforced. 2FA is supported for admin accounts. Sessions time out after inactivity. Failed login attempts are tracked and rate-limited.
Audit logs
Every material action — lot movements, price changes, contract updates, payroll approvals — is logged with who did it and when. Logs are retained for compliance review.
Data residency
Your data is hosted on infrastructure that supports Ethiopian and EU data residency requirements. Contact us for specifics on your preferred region.
Compliance posture
BunnaLink operates under GDPR-equivalent principles and the Ethiopian Data Protection Act. We process data only for the purposes you've authorized, retain it only as long as needed, and give you tools to export or delete it on request.
- SOC 2 Type II (in progress)
- ISO 27001 (planned)
- GDPR compliance (in force)
- Ethiopian Data Protection Act compliance (in force)
Report a vulnerability
Found a security issue? Email security@bunalink.com with details. We respond to reports within 48 hours.