AES-256
Encryption standard
Security and Privacy / WiseWage
Data Security Is
Our Foundation.
Payroll records, HR files, employee documents, and financial statements are among the most sensitive materials a business handles. WiseWage is built from the ground up to protect them with encryption, strict access controls, and a clear privacy commitment aligned with Nigerian law.
INFRASTRUCTUREENCRYPTIONAES-256NDPA 2023AWS
YOUR
DATA
NDPA 2023
Nigerian compliance
Zero
Model training on your data
Role-based
Access controls
Our Security Commitment
WiseWage's Commitment to Security
We understand the weight of what you upload and manage. Payroll records, employee data, and operational documents require more than standard care. Here is exactly how we protect them.
Your Data Stays Yours
We do not claim ownership of any information you upload or submit to WiseWage. Your data is used exclusively to deliver the service to you and not sold, shared with third parties, or used beyond your session.
- +No data ownership claims
- +No selling or sharing of your data
- +Full control remains with you at all times
Protected at Every Layer
From the moment a document leaves your device to when it is processed and stored, every transmission and every byte at rest is encrypted to industry-standard specifications.
- +AES-256 encryption in transit and at rest
- +Secure cloud infrastructure on AWS
- +Continuous monitoring and threat detection
Privacy Is Non-Negotiable
WiseWage never trains models on your data, never sells your information, and never uses client files for any purpose beyond serving your workspace. Confidentiality is fundamental.
- +Zero model training on uploaded data
- +NDPA 2023 aligned operations
- +Right to delete stored data at any time
Data Ownership
Your Data. Your Control. Always.
When you upload payroll files, employee documents, or company records to WiseWage, that information remains yours. We do not claim any rights over the content you provide. We use it only to deliver the workflow or analysis you requested.
- +We do not claim ownership of your data
- +Information you submit is used only to provide the service
- +Your data is not sold to any third party
- +Your data is not shared for unauthorized purposes
- +You can request deletion of your data at any time
You remain in full control of your information at all times.
Your Data Settings
WiseWage Account / Data Controls
Upload History
Activity Log
Document Storage
Delete all my data
Permanently removes all uploads, conversations, and saved workspace data.
Deletion is permanent and irreversible. Data is removed from all systems within 30 days.
Enterprise-Grade Encryption
Every Byte, Encrypted
All data transmitted to and from WiseWage, including payroll inputs, employee documents, and generated workflow outputs, is protected using modern encryption standards throughout its lifecycle.
Data In Transit
TLS 1.3All communications between your browser and WiseWage servers are encrypted using Transport Layer Security 1.3 to prevent interception during transmission.
ProtocolTLS 1.3
CipherAES-256-GCM
Key ExchangeECDHE
CertificateSHA-256 RSA signed
Data At Rest
AES-256Documents and account data are encrypted at rest using AES-256. Storage access requires managed encryption keys, keeping underlying data unreadable without key authorization.
AlgorithmAES-256-CBC
Key StorageAWS KMS (HSM-backed)
ScopeAll documents, conversations, user data
Managed byAWS Key Management Service
Your Device
Web or mobile session
WiseWage Platform
Processing layer (ephemeral)
Encrypted Storage
Persistent, protected storage
Secure Infrastructure
Built on Secure, Resilient Infrastructure
WiseWage runs on cloud infrastructure designed for high availability, resilience, and strict protection against unauthorized access. Controls are layered across networking, compute, and storage.
AWS Cloud Hosting
Deployed on Amazon Web Services, one of the most secure and audited cloud platforms worldwide.
Regional Data Residency
Data processing serves Nigerian and African users with infrastructure in af-south-1 and eu-west-1 regions.
High Availability
Multi-zone deployment helps the platform remain available through infrastructure disruptions.
24/7 Monitoring
Automated alerting detects anomalies, unusual access patterns, and performance issues in real time.
DDoS Protection
AWS Shield and WAF protect against volumetric and application-layer attacks.
Network Isolation
Internal services operate inside private VPCs and are not directly exposed to the public internet.
Internet / Public
User Device
TLS 1.3 secure channel
AWS WAF + Shield
DDoS Protection and Web Application Firewall
Private VPC
WiseWage Application Services
Vector Index Layer
Encrypted Document Storage
Role-Based Access / WiseWage
| Role | User Data | System Config | Raw Docs |
|---|---|---|---|
| Employee User | YES | NO | NO |
| Company Admin | Scoped | NO | NO |
| Support Agent | Anonymized | NO | NO |
| Security Engineer | NO | Scoped | Audit only |
| Platform Operations | NO | Scoped | NO |
Operational staff cannot browse raw document content in standard workflows. Support access is anonymized and logged.
Strict Access Controls
Only Authorized Personnel. Only When Necessary.
Access to internal systems follows least-privilege principles. No team member receives more access than required by role.
Role-Based Permissions
Every internal role has a defined permission scope. Roles are reviewed quarterly and revoked immediately upon departure.
Multi-Factor Authentication
All internal access requires MFA. Single-factor access is not permitted for systems touching user data.
Access Audit Logs
Access events are logged with timestamp, identity, and action details. Logs are immutable and reviewed for anomalies.
No Raw Document Access by Staff
Support and operations roles do not view your uploaded document content. Support workflows use anonymized references.
Data Privacy Commitment
A Clear Privacy Commitment
Privacy is not a feature we added. It is a principle we built around. Here is exactly what WiseWage does and does not do with your data.
[YES] What WiseWage Does
- +Uses your data exclusively to respond to your requests
- +Encrypts all data in transit and at rest
- +Allows you to delete your data at any time
- +Keeps uploaded documents in an isolated environment
- +Applies NDPA 2023 data protection principles
- +Logs access events for auditability
- +Honors account deletion and data removal requests
[NO] What WiseWage Never Does
- xSell your personal or client data
- xShare your data with third parties for their use
- xTrain our AI models on uploaded documents
- xUse your workspace data to build public datasets
- xRetain your data after account deletion
- xAccess documents without operational necessity
- xUse your data for advertising or profiling
Your confidentiality is fundamental to our platform. A system that compromises your data is not a solution. It is a liability.
Responsible AI Usage
AI With Guardrails, Not Guesswork
WiseWage does not use freeform assistant behavior for sensitive workflows. The system operates under technical constraints designed for transparency, verifiability, and accountability.
Controlled Output Mode
Responses are constrained to available workspace context and configured workflows. Unsupported claims are blocked.
Hallucination Reduction
Generation is grounded in available context to structurally reduce unsupported answers and speculation.
Confidence Levels
Answers include confidence signals reflecting source quality and directness for the specific query.
Mandatory Disclaimers
Outputs include clear review guidance and are not presented as final legal, payroll, or HR advice.
AI Safety Stack
User Request
Payroll, HR, or compliance task
Approved Context
Workspace data and configured rules only / no open web lookup
Guardrailed Generation
Model instructed to stay within the available context
Structured Output
Answer + rationale + flags + next steps
Unsupported output is blocked
The model cannot produce sensitive operational claims without supporting context.
NG
Nigerian Data Protection
Aligned with the Nigeria Data
Protection Act 2023
WiseWage data handling practices are designed around the Nigeria Data Protection Act 2023 and associated principles for responsible collection, processing, and retention.
Lawful Basis for Processing
We process data with consent, to deliver the subscribed service, or where legitimate interest applies under Nigerian data protection requirements.
NDPA 2023 / s.25
Your Rights as a Data Subject
You can request access, correction, erasure, objection, and portability. WiseWage honors rights requests through the privacy channel.
NDPA 2023 / s.34-s.40
Data Minimization
We collect and retain only data necessary to provide the service and avoid unnecessary or excessive personal data collection.
NDPA 2023 / s.24(1)(c)
Data Subject Requests
To exercise your rights under NDPA 2023, including access, correction, or deletion requests, contact our Data Protection Officer.
privacy@wisewagehr.com
Submit a Data RequestIncident Response
If Something Goes Wrong, We Act Fast
No system is perfectly immune to incidents. What matters is rapid detection, decisive containment, and clear communication with affected users.
Detection and Assessment
Monitoring detects anomalies in real time and triggers immediate severity assessment.
Containment and Remediation
Affected services are isolated quickly while root cause analysis and remediation proceed.
User Notification
If user data is affected, impacted users are notified within 72 hours of confirmed impact.
Incident Response Timeline
T+0
Automated Alert Triggered
Anomaly detected by monitoring controls
T+15m
Initial Assessment
Security team evaluates scope and severity
T+1h
Containment
Affected systems isolated and access tightened
T+4h
Remediation In Progress
Fix deployed and validation underway
T+72h max
User Notification
Impacted users informed under NDPA guidance
Resolved
Service Restored
Post-incident review documented and tracked
NDPA notification target: 72 hours max
Continuous Improvement
Security Is Never Finished
Threats evolve. So do our defenses. WiseWage treats security as an ongoing program.
Infrastructure Updates
Server infrastructure, operating systems, and dependencies are patched regularly to reduce exploit risk.
Vulnerability Management
Recurring security checks identify weaknesses, with remediation SLAs prioritized by severity.
AI Safety Reviews
Citation guardrails, confidence logic, and disclaimer enforcement are tested as model behavior evolves.
Access Reviews
Internal permissions are reviewed quarterly and access is revoked immediately when no longer required.
Questions About Security?
Whether you are evaluating WiseWage for payroll operations, an enterprise review process, or a personal data concern, our team is available to help.
Security Questions
security@wisewagehr.comQuestions about security practices, data handling, or trust documentation.
Data Protection Officer
privacy@wisewagehr.comNDPA 2023 requests for access, correction, deletion, or objection.
Responsible Disclosure
security@wisewagehr.comReport suspected vulnerabilities responsibly. We respond to valid reports within 48 hours.
We respond to security inquiries within 2 business days.
Built for Trust.
Ready When You Are.
WiseWage is designed to protect every payroll record, employee document, and operational data point shared with the platform.
AES-256 EncryptedNDPA 2023 AlignedZero Data Training
Security questionnaires and trust documentation are available on request.