MzDeal Security Policy

The MzDeal Security Policy outlines the technical, organizational, and operational measures we implement to protect user data, transactions, accounts, and platform integrity. This policy applies to all users, sellers, partners, and internal team members who interact with the MzDeal platform.

1. Purpose of This Policy

MzDeal is committed to safeguarding:

User personal information

Payment and financial data

Business/seller information

Listing and transactional data

Communication logs

Platform infrastructure

This policy ensures compliance with:

Mozambique Data Protection Laws (Lei de Proteção de Dados Pessoais)

GDPR-aligned standards

App Store & Google Play security requirements

2. Platform Security Overview

MzDeal employs a multi-layered security architecture including:

2.1 Server Security

Secure cloud-hosted servers with industry-standard firewalls

Continual monitoring and automatic threat detection

Regular patching and security updates

Isolation of application, database, and file storage servers

Protection from common attacks (DDoS, XSS, SQL injection)

2.2 Database Security

Encrypted data storage (AES-256)

Encrypted backups stored in secure off-site locations

Role-Based Access Control (RBAC) for internal staff

No direct external database access

Regular vulnerability assessments

2.3 Network Security

Strict TLS/SSL encryption (HTTPS everywhere)

API key and token-based authentication for services

IP rate limiting to prevent brute-force attacks

3. User Account Security

MzDeal protects user accounts using:

3.1 Password Requirements

Users must create passwords containing:

Minimum 8 characters

Uppercase + lowercase letters

Numbers or symbols

3.2 Account Protection Features

Passwords stored using salted hashing (bcrypt)

Optional Two-Factor Authentication (2FA) for sellers

Login attempt rate limiting

Session timeouts

Device recognition system

3.3 Suspicious Activity Detection

MzDeal automatically detects and flags activities such as:

Multiple failed login attempts

Login from unusual locations

Sudden mass messaging

Rapid posting or editing of ads

4. Payment & Financial Security

MzDeal uses authorized, PCI-DSS compliant payment partners.

4.1 Secure Processing

All card data is handled by external certified payment gateways

MzDeal never stores credit/debit card numbers

Payments are encrypted end-to-end

4.2 Wallet & Balance Security

Balance stored in protected ledger system

Fraud detection on unusual withdrawals

Seller payouts require identity verification

5. Fraud Prevention & Abuse Protection

MzDeal implements advanced fraud-mitigation systems.

5.1 Automated Fraud Checks

AI and rule-based systems analyze postings for suspicious patterns

Re-uploads of banned items are automatically detected

Mandatory ID verification for high-risk sellers

5.2 Manual Review Team

MzDeal staff may review:

Reported users

Suspicious chats and transactions

Repeatedly flagged posts

5.3 Prohibited Behaviors

Impersonation

Spam and bot activity

Posting stolen goods

Circumventing MzDeal payments or policies

6. Data Transmission Security

All app and server communication uses:

End-to-end encryption (E2EE) for sensitive operations

Secure OAuth and token refresh system

Encrypted WebSocket communication where applicable

7. Internal Access Control

MzDeal employees and contractors follow strict rules:

Access to user data is role-based and logged

Data is only accessed for support, compliance, or security reasons

Background checks for staff with elevated permissions

Mandatory training on data protection and handling

8. Device & Application Security (Mobile App)

8.1 Application Integrity

App signed and verified on Google Play & App Store

Integrity checks to prevent tampering or cloning

8.2 Local Storage Protection

Minimal data stored locally

Sensitive data encrypted using OS-level secure storage (Keychain/Keystore)

8.3 Automatic Updates

Security fixes deployed regularly through app updates.

9. Reporting Security Issues

MzDeal encourages responsible disclosure. Users can report security vulnerabilities to:
[email protected]

MzDeal will:

Acknowledge receipt within 72 hours

Investigate promptly

Provide resolution or patch updates

10. Limitation of Liability

While MzDeal employs advanced security measures, no system is fully immune from attacks. Users are responsible for:

Keeping login credentials safe

Avoiding suspicious links or payments outside the app

Reporting suspicious activity immediately

MzDeal is not liable for:

Fraudulent transactions conducted outside the platform

Losses caused by user negligence

Unauthorized access due to compromised devices

11. Updates to This Policy

MzDeal may update this Security Policy at any time. All changes will be posted on the app and website.

Continuing to use MzDeal after updates indicates acceptance of the revised policy.

12. Contact Information

For security concerns or GDPR-related requests:

Email: [email protected]

Website: www.mzdeal.co.mz

MzDeal is committed to protecting your data, your transactions, and your trust.