Security

Citizen's Eye runs entirely on infrastructure within the CEMAC zone. No data is processed by, stored on, or transmitted through servers outside Central Africa. This is not a policy — it is an architectural constraint that cannot be bypassed.

Security is layered across every component:

• ✓ All inputs validated and sanitized before processing
• ✓ Rate limiting on all endpoints to prevent abuse
• ✓ Role-based access control with 7 distinct permission levels
• ✓ Service-to-service authentication with scoped credentials
• ✓ Security headers on every response (HSTS, CSP, X-Frame-Options)
• ✓ Immutable audit trail for every system action

The platform's monitoring systems operate within strict boundaries. Each component has defined permissions, rate limits, and data access scopes. Behavioral anomalies are detected automatically. Violations are logged and escalated immediately.

The anonymous reporting system is designed with zero-knowledge principles. We cannot identify whistleblowers because the system does not collect identifying information. This is not a feature that can be turned off — it is fundamental to the architecture.

If you discover a security vulnerability, please report it via the platform support centre. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.