Information Security Policy
Effective Date: 07/09/2025
At TELA, we recognize that information is one of the most valuable assets of any modern organization, and for a fintech company like ours, it is the very foundation of trust between us and our customers. The confidentiality, integrity, and availability of personal, financial, and transactional information entrusted to us is of utmost importance. This Information Security Policy has therefore been created to provide a detailed framework for how TELA collects, manages, stores, secures, and protects data against misuse, unauthorized access, loss, or compromise. By establishing clear guidelines and security standards, we aim to minimize risks while ensuring that our services remain reliable, compliant, and resilient in the face of growing cybersecurity challenges.
This policy applies to all employees, contractors, third-party service providers, and users of TELA’s systems and services. It is aligned with global information security best practices, including ISO/IEC 27001 standards, as well as Nigerian regulatory requirements such as the Nigerian Data Protection Regulation (NDPR) and the Central Bank of Nigeria’s (CBN) guidelines for fintech businesses. By enforcing this policy, TELA not only complies with legal obligations but also demonstrates its strong commitment to accountability, transparency, and safeguarding the interests of our users.
Purpose and Scope
The primary purpose of this Information Security Policy is to establish a clear framework that governs how TELA protects the information entrusted to it. The policy exists to ensure that personal data, financial records, transaction information, and other forms of sensitive data remain protected against unauthorized disclosure, alteration, or destruction. It is designed to minimize risks by setting out preventative and corrective measures while also ensuring that users and employees understand their responsibilities in preserving information security.
This policy covers every aspect of TELA’s operations where information is created, processed, transmitted, or stored. It applies equally to data hosted on TELA’s servers, data exchanged with third-party providers, and data accessed by employees, contractors, or vendors. Furthermore, the scope extends beyond digital information systems to include physical access controls, operational processes, and administrative procedures that influence data handling. In effect, this policy governs all information assets managed by TELA and must be followed by every stakeholder involved in delivering or using our services.
Roles and Responsibilities
The responsibility for information security does not rest on a single department alone but is distributed across the entire organization. To ensure proper governance, TELA has designated an Information Security Officer (ISO) who oversees the implementation, enforcement, and continuous monitoring of this policy. The ISO is tasked with ensuring that systems are regularly updated, threats are actively monitored, and compliance with all legal and regulatory requirements is maintained. The ISO also plays a key role in incident response, coordinating with internal teams and external authorities where required.
Every employee and contractor at TELA shares the responsibility of protecting information assets. Staff members must follow all security guidelines, report any suspicious activities, and refrain from engaging in risky behavior that could compromise the security of our systems. Non-compliance with this policy may result in disciplinary measures, which could include suspension, termination, or even legal action, depending on the severity of the violation.
Users also play a crucial role in maintaining information security. As customers of TELA, you are expected to protect your login details, avoid sharing sensitive information recklessly, and report any unusual activity within your accounts. By working together—employees, contractors, vendors, and users alike—we can ensure that security is a shared responsibility rather than a burden placed on a single entity.
Data Protection and Privacy
TELA recognizes that its most valuable data assets are user-related information, financial transaction data, and system operation records. To protect these, we employ a system of data classification that organizes information into three categories: confidential, internal, and public. Confidential data, which includes financial records, personal identification, and sensitive transactions, receives the highest level of protection. Internal data, used for day-to-day operations, is protected with appropriate safeguards to prevent leaks or misuse. Public data, such as marketing information, is openly accessible but still monitored for integrity.
All sensitive data is encrypted both in transit and at rest using industry-standard technologies such as AES-256 encryption and TLS protocols. Encryption ensures that even if data is intercepted, it cannot be read or misused by unauthorized parties. To further protect information, access controls are strictly enforced. Only individuals whose roles require access to specific information will be granted such access, and their privileges are regularly reviewed. Multi-Factor Authentication (MFA) is required for employees and users engaging in high-risk activities such as large financial transfers.
TELA also implements strict data retention and deletion protocols. Personal and financial information is only stored for as long as is necessary to provide services, comply with legal obligations, or meet regulatory requirements. Once the retention period has expired, data is securely deleted, anonymized, or destroyed using best practices. We also ensure that user consent is always obtained before collecting personal information. Users have the right to withdraw consent, and once this is done, TELA ensures that unnecessary data collection stops immediately.
System and Network Security
To protect our IT infrastructure, TELA uses a combination of firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to guard against unauthorized access and cyberattacks. These systems are configured to monitor traffic for suspicious patterns and to block potentially malicious activities before they reach sensitive systems. Regular updates and patches are applied to ensure that our systems remain resistant to evolving threats.
We also conduct regular vulnerability assessments and penetration tests to identify weaknesses that may be exploited by attackers. These assessments are carried out by both internal teams and external security experts to provide independent validation of our security posture. Findings from these assessments are addressed promptly, and corrective measures are taken to close identified vulnerabilities.
Software developed by or for TELA follows a Secure Software Development Life Cycle (SDLC), where security is embedded from the planning phase through to deployment. Developers are trained in secure coding practices, and code undergoes security testing before it is released to production. Additionally, TELA maintains a robust backup system where critical data is regularly backed up and stored in secure, geographically diverse locations. These backups are tested regularly to ensure they can be restored in the event of hardware failure, cyber incidents, or natural disasters.
Physical Security
Beyond digital protections, TELA recognizes that physical security is equally important. Our data centers are protected by strict physical access controls, including biometric scanners, access badges, and 24/7 surveillance. These facilities are designed to withstand risks such as fire, flooding, and power outages. Only authorized personnel are permitted entry, and every access attempt is logged and monitored.
Within TELA offices, access to sensitive areas such as server rooms is restricted. Employees are expected to secure their workstations, use strong passwords, and avoid leaving confidential information in exposed locations. Mobile devices, laptops, and USB drives used by employees must be encrypted and password-protected to prevent data loss in the event of theft or loss.
Incident Response and Management
Despite our best efforts, no system is immune to cyber threats or operational failures. For this reason, TELA has developed a detailed incident response plan that outlines the steps to be taken in the event of a breach or security incident. The first stage involves immediate detection using monitoring tools that flag suspicious activity. Once an incident is detected, it must be reported promptly by employees or users to the Information Security Officer.
The incident response team then evaluates the situation, contains the threat, and works to restore normal operations as quickly as possible. If user data is compromised, affected customers and regulators will be notified promptly in accordance with NDPR and CBN requirements. After resolution, a post-incident review is carried out to identify root causes, assess the effectiveness of the response, and strengthen processes to prevent recurrence.
Security Awareness and Training
Human error remains one of the biggest threats to information security. To address this, TELA provides regular training sessions for employees, contractors, and vendors. Training covers topics such as phishing awareness, password management, handling sensitive information, and proper incident reporting. By ensuring employees understand their responsibilities, we create a culture of vigilance and accountability.
TELA also takes steps to educate its users. Through the mobile app and website, users receive guidance on recognizing scams, creating strong passwords, enabling MFA, and reporting suspicious activities. In doing so, TELA ensures that both staff and customers play an active role in safeguarding information.
Compliance with Legal and Regulatory Requirements
As a regulated fintech company, TELA is committed to complying with all relevant Nigerian laws and regulations, including the Nigerian Data Protection Regulation (NDPR), which governs how personal data is processed, stored, and shared. Compliance with CBN guidelines ensures that TELA follows the strict security standards expected of financial service providers. We also adhere to other cybersecurity and anti-money laundering laws that apply to fintech operations in Nigeria. By complying with these frameworks, TELA maintains its credibility, avoids regulatory penalties, and continues to earn the trust of its users.
Third-Party Providers and Vendors
TELA works with third-party providers such as cloud hosting services, payment processors, and analytics providers. To mitigate risks, we only engage vendors that can demonstrate compliance with strong security practices. All vendors must sign data protection agreements that outline their obligations and responsibilities. Their systems are regularly reviewed to ensure compliance, and any vendor found to be non-compliant risks suspension or termination of their contract with TELA.
Policy Review and Updates
Technology evolves rapidly, and so do the threats that accompany it. For this reason, TELA reviews this Information Security Policy regularly—at least once per year or whenever there are significant changes in laws, technology, or operations. Updates to this policy are communicated to employees, vendors, and users to ensure transparency. Customers are encouraged to review the updated policy periodically, as continued use of our services constitutes acceptance of any revisions.
Contact Information
If you have questions or concerns about this Information Security Policy, or if you would like more details about our security practices, please contact us at:
Email: support@tela.ng
Phone: +234 913 312 4223
By using TELA’s services, you acknowledge that you have read, understood, and agreed to abide by this Information Security Policy.