# GateWise NG Security and Incident Response Policy Effective date: 25th May, 2026. This Policy explains GateWise NG's public approach to protecting the platform and responding to suspected security or personal data incidents. GateWise NG is a product of Globulus Technology Limited. It is intentionally high-level and does not disclose sensitive internal security procedures. ## 1. Purpose GateWise is used for estate access-support operations and may contain personal data about administrators, residents, guards, supervisors, visitors, and partners. We take security and incident response seriously and maintain safeguards designed to protect the platform and the people who use it. ## 2. Shared Responsibility Security is shared between GateWise, Customers, and Users. GateWise is responsible for operating and protecting the platform. Customers are responsible for managing estate users, assigning appropriate roles, training staff, and maintaining safe physical access procedures. Users are responsible for protecting their accounts, devices, OTPs, and any data they can access. ## 3. Security Commitments GateWise aims to: - limit access to personal data based on role and need - protect accounts through authentication and access controls - monitor for suspected misuse or unauthorized access - maintain records needed for accountability and security review - review service providers that support the platform - respond to suspected incidents in a structured way - notify affected parties where required by law or agreement - improve controls after meaningful incidents or risk reviews ## 4. Customer and User Responsibilities Customers and Users should: - use accurate account information - keep phones, devices, and login credentials secure - avoid sharing OTPs or access codes - remove access for staff who no longer need it - assign permissions carefully - train guards and staff on proper use - report suspicious activity promptly - avoid uploading unnecessary sensitive information - follow estate policies and applicable law ## 5. Incident Types Potential incidents may include: - suspected unauthorized account access - lost or stolen devices used for GateWise - incorrect role assignment or excessive access - accidental disclosure of personal data - suspicious visitor pass activity - misuse of account credentials or OTPs - suspected fraud or payment abuse - service disruption affecting customer operations - confirmed or suspected personal data breach ## 6. How GateWise Responds When GateWise becomes aware of a suspected incident, we may: - assess the information available - take reasonable steps to contain the issue - protect affected accounts or data - investigate the likely cause and impact - work with the affected Customer where customer-managed data is involved - engage service providers, advisers, or authorities where appropriate - notify affected parties where required - document the incident and follow-up actions - improve controls where needed GateWise may limit, suspend, or disable accounts, features, tokens, sessions, or access where necessary to protect the platform, Customers, Users, or data. ## 7. Notifications Where required by law or customer agreement, GateWise will notify affected Customers, Users, or authorities after confirming a reportable incident. The notice may include: - what happened - data categories involved - affected user groups where known - steps GateWise has taken - steps the Customer or User should take - support contact details Some investigations take time. GateWise may provide updates as more reliable information becomes available. ## 8. Reporting a Security Concern Report suspected security issues promptly using: Email: security@gatewise.ng Phone: +234 8037 552 346 Please include: - your name and contact details - estate name if relevant - account or role involved - what happened - date and time of the issue - screenshots or evidence if safe to share Do not include unnecessary personal data or sensitive information in a report. ## 9. Responsible Disclosure If you believe you have found a vulnerability, report it to GateWise before disclosing it publicly. Do not access, alter, copy, delete, or disclose data that does not belong to you. Do not disrupt GateWise or customer operations. GateWise may not treat reports as responsible disclosure if they involve extortion, data theft, unauthorized access, service disruption, privacy violation, or unlawful activity. ## 10. Service Continuity GateWise aims to maintain reliable service, but incidents, maintenance, network issues, customer device problems, or third-party provider issues may affect availability. Customers should maintain practical fallback procedures for gate operations during connectivity problems or service interruptions. ## 11. Policy Updates GateWise may update this Policy as security practices, laws, or platform features change.