Back to application

Security

Last updated: May 2026

How we protect your account

  • Encrypted in transit. All traffic to the mentor dashboard and our API is served over HTTPS.
  • Hashed passwords. Passwords are managed by Firebase Authentication and stored as one-way hashes. We cannot see them or recover them. If you forget your password, you can reset it from the sign-in page.
  • Strong-password policy. New and updated passwords must include uppercase, lowercase, numeric, and non-alphanumeric characters.
  • Short-lived sessions. Sign-in tokens expire automatically; refresh tokens are revoked when you change your password.
  • Scoped access. Only a small number of authorised Uniquest staff can reach production data. Their actions are logged.
  • Production-only analytics. Google Analytics and Microsoft Clarity load only on the live dashboard, never on local development or preview deployments.
  • Secure payments. Card and mobile-money details go directly to Paystack (a PCI-DSS-compliant processor) and are never stored on our servers.

How you can keep your account safe

  • Use a long, unique password, ideally generated by a password manager. Don’t reuse passwords from other services.
  • Be suspicious of any message that asks for your password. Uniquest staff will never ask for it by email, WhatsApp, or SMS.
  • Confirm the address bar reads https://mentors.uniquestafrica.com before signing in.
  • Sign out of any shared computer when you’re done.
  • Keep the email address on your account current so password resets and security alerts reach you.

Handling student information

When students book your sessions, you receive their name, email, and phone. Treat this information as confidential: use it only to deliver the session they paid for and to follow up about that session. Don’t share it with anyone outside Uniquest, and don’t use it for marketing.

If you think your account has been compromised

  1. Sign in and change your password immediately. This revokes existing sessions on every device.
  2. Review your recent activity (sessions you’ve created, profile changes) and report anything you didn’t do.
  3. Email support@uniquestafrica.com so we can investigate, lock the account if needed, and look for related activity.

Reporting a vulnerability

If you believe you’ve found a security flaw in our dashboard or API, please email support@uniquestafrica.com with steps to reproduce. We commit to acknowledge your report within three business days, keep you informed as we work on a fix, and credit you publicly once it’s resolved if you wish.

Please do not run automated scanners against the production site, don’t access data that doesn’t belong to you, and don’t publicly disclose an issue before we’ve had a chance to fix it.

Data protection

For details on what personal data we collect about you and your rights over it, see our Mentor Privacy Notice.