Afrimintel · Quality Standard · Privacy · Terms
Written for procurement and security-review readers. Statements here describe the deployed architecture as of the version in the footer; anything not stated is not claimed.
Afrimintel is a static-site platform with serverless functions, served over HTTPS via Netlify's CDN. There is no application database and no password store: account verification runs through the subscriber's own email inbox (signed, short-lived links), and subscription state is checked live against the payment processor rather than held by us. All secrets live in platform environment variables, never in code or in the repository; every payment-adjacent endpoint fails closed when its configuration is absent.
| Provider | Function | Personal data involved |
|---|---|---|
| Netlify | Hosting, CDN, serverless functions | Standard server logs (IP, user agent) |
| Stripe | Payment processing and subscription state | Billing details — held by Stripe, not by Afrimintel |
| Brevo | Transactional email | Email address, message content |
| Plausible | Privacy-focused analytics | No cookies; no personal identifiers collected by design |
Access tokens issued by the platform carry a non-reversible hash in place of the subscriber's email, so tokens appearing in request logs cannot be reversed to an identity. Server-side logging redacts email addresses. The platform stores no payment instrument data in any form.
Every correction, data update, and version change is recorded in the public audit log before the fix is declared complete — including security findings: the log records, with dates, an endpoint deactivated within hours of an internal severity finding and rebuilt only once the authentication design existed to support it. Material errors carry a published correction-velocity commitment under the Quality Standard.
Afrimintel does not currently hold a SOC 2 or ISO 27001 certification; if institutional procurement requires one, that engagement begins when a counterparty requires it in writing. Encryption at rest for hosted content and function logs is provided by the subprocessors listed above under their own published terms.
Security concerns: nikesh@afrimintel.com. Good-faith reports are acknowledged, and confirmed findings enter the public audit log with credit if the reporter wishes.