Environmental compliance, from the field to the ministry.
Infrastructure projects in West and Central Africa must produce PGES compliance reports for their supervising ministries. Baobab replaces paper notebooks and WhatsApp threads with an audited, offline-first, bilingual platform.
The problem
On mining, road, and agro-industrial sites, field teams collect daily environmental compliance evidence — vegetation photos, noise measurements, spill reports. Too often this data ends up in WhatsApp chats, scattered Excel files, or lost paper notebooks. The supervisor spends hours consolidating; the ministry receives a poorly formatted PDF weeks later.
Built for every role
Field operator
Offline mobile app. Geotagged photo evidence submission. Automatic sync when connectivity returns.
Supervisor
Review dashboard. Approve or return submissions. Real-time compliance tracking by site.
Ministry / Auditor
Consolidated PGES reports. Full submission history. PDF/DOCX export to regulatory standards.
Executive
Multi-site overview. Aggregated compliance indicators. Proactive alerts on delays.
How it works
1. Capture in the field
Operators photograph compliance evidence from their phone, even without connectivity. Geolocation and timestamp are captured automatically.
2. Automatic sync
When connectivity returns, queued submissions stream up to the server with conflict handling and automatic retry on failure.
3. Supervisor review
Supervisors approve or return each submission from their dashboard. Per-site compliance tracking updates in real time.
4. Ministry-ready report
The ministry or executive views a consolidated dashboard and exports the PGES report as a print-ready PDF or DOCX.
Data security at a glance
The questions our customers ask before signing.
Where is my data stored?
All application data — sites, tasks, submissions, reports, and photos — is stored with Supabase, hosted on Amazon Web Services (AWS) in the eu-west-3 (Paris) region. Other AWS regions (e.g. af-south-1 Cape Town) can be configured for ministry clients on request.
Is data encrypted?
Yes. In transit, all traffic is encrypted with TLS 1.3. At rest, AWS applies AES-256 encryption. Session cookies are HttpOnly, Secure, and SameSite=Strict — they cannot be read by browser JavaScript, eliminating session theft via XSS.
Who can access our data?
Only your users, based on their assigned role (operator, supervisor, ministry, executive, admin). Row-level security (RLS) policies enforce these restrictions server-side. LevelThree engineers only access production on your explicit authorisation, via audited access.
Is Baobab GDPR-compliant?
Our architecture is designed around GDPR principles: data minimisation, encryption, right of access and erasure, and breach notification within 72 hours. We offer a Data Processing Agreement (DPA) before contract signing.
Can we request data deletion?
Yes. Deleting any user, site, or report is available directly in the application. Full organisation deletion (including backups) is performed within 30 days of contract termination, on request.
Can we get a Data Processing Agreement (DPA)?
Yes, a GDPR-compliant DPA is available on request before contract signing. It defines our obligations as a processor, the data processed, the purposes, and the security measures in place.
Ready to digitise your PGES workflow?
Talk to our team or create an account with your registration code.