At Kappit, protecting your business data is our highest priority. From secure authentication to strict tenant isolation, we build security into every layer of the platform.
Security by Design
Built in from day one
Layered Protection
Defence at every level
Privacy First
Your data stays yours
Continuously Improved
Security evolves with threats
Philosophy
Kappit is built with a security-first mindset. Rather than treating security as an afterthought, every feature is designed to help protect customer data, maintain privacy, and provide businesses with confidence as they grow.
From the moment a business signs up, their data operates inside its own isolated environment. Platform administrators have controlled, audited access for maintenance and support — never unrestricted access to customer data.
Security is not a feature — it is the foundation.
Protection
Every company's data is logically isolated. No business can ever access another's information.
Employees only access the modules, branches, and information they have been authorized to use.
Strong password requirements, verified accounts, secure sessions, and protection against unauthorized access.
Passwords are never stored in plain text. They are securely hashed using industry best practices.
Important business actions are recorded to improve accountability and traceability across the platform.
Users can monitor active sessions and sign out from other devices remotely at any time.
Accounts are verified before they can access the platform, preventing unauthorized account creation.
Businesses can control which employees access specific branches and departments independently.
Data Protection
Customer data belongs to the customer. Kappit never shares your business data with other organizations, third parties, or other businesses on the platform.
Every company operates in its own isolated environment. Data from one business is never accessible to another — full isolation is enforced at every layer.
Platform administrators have controlled access for maintenance and customer support only. All privileged actions are logged and auditable.
Your Data Belongs to You
We never sell, share, or use your business data for any purpose beyond operating the platform.
Complete Company Isolation
Each business exists in its own secure environment — fully separated from all other companies.
Controlled Admin Access
Platform administrators can only act within defined, audited boundaries to support your account.
Data Retention Controls
Businesses retain control over their data with clear policies on how long information is held.
Account Security
Available Now
Email Verification
All accounts must be verified before gaining platform access.
Strong Password Policies
Minimum length, complexity requirements, and secure hashing enforced for all accounts.
Session Management
View and revoke active sessions across all your logged-in devices.
Login History
Review a full log of successful and failed login attempts on your account.
Security Notifications
Receive alerts for important account activity and security events.
Device Monitoring
See which devices are currently signed in to your account.
Account Lockout Protection
Accounts are temporarily locked after repeated failed login attempts to prevent brute-force attacks.
Coming Soon
Two-Factor Authentication (2FA)
Add a second layer of verification to your login process.
Passkeys
Passwordless authentication using device biometrics or hardware keys.
Hardware Security Keys
Support for physical security keys as a second authentication factor.
Single Sign-On (SSO)
Sign in with your organization's identity provider for seamless access.
Business Security
Business owners have full control over who accesses what within their company. Kappit provides the tools to enforce strict internal security policies.
Manage employee permissions and roles
Control which modules each employee can access
Restrict access to specific branches or departments
Review complete company audit logs
Monitor employee login activity
Review security events within your business
Revoke user access instantly when needed
Platform Security
Kappit continuously monitors the platform for anomalies, suspicious activity, and security events. Internal platform administration is completely separated from customer environments.
Platform-wide health and availability monitoring
Security event detection and logging
Failed login attempt tracking and alerting
Suspicious activity identification
Authentication trend analysis
System integrity monitoring
Separation of platform and customer environments
Resilience
Kappit is designed with resilience in mind. We maintain robust approaches to ensure business continuity and data safety.
Secure Backups
Business data is backed up regularly to ensure recovery in the event of an unexpected incident.
Recovery Planning
We maintain recovery plans and procedures designed to restore service as quickly as possible.
Infrastructure Resilience
The platform is built on resilient infrastructure to minimize downtime and maintain availability.
Continuous Monitoring
Systems are continuously monitored so issues are detected and addressed proactively.
Privacy
Kappit is designed to respect the privacy of your business and the people within it. Read our full Privacy Policy →
Personal Information
Collected only for account operation and platform improvement.
Business Information
Used exclusively to deliver platform services to your company.
Data Ownership
Your business data is yours — we do not claim ownership or rights.
Data Retention
Clear policies govern how long data is kept and when it is removed.
User Consent
We obtain appropriate consent before processing personal information.
Customer Control
Businesses can manage, export, or request deletion of their data.
Compliance
Built to meet current requirements and designed to grow into global standards.
Current Practices
Kenyan Data Protection Act, 2019
Our platform is built to align with Kenya's data protection legislation and privacy requirements.
Privacy-First Platform Design
Privacy considerations are embedded into every feature design decision we make.
Full Audit Logging
All significant platform and business actions are logged for accountability and traceability.
Role-Based Permissions
Granular access controls ensure users only have the permissions they require.
Secure Authentication
Strong authentication practices protect all accounts on the platform from unauthorized access.
Future Goals
ISO 27001
PlannedInformation security management standard — planned for future certification.
SOC 2
PlannedService organization controls framework — part of our long-term compliance roadmap.
GDPR Support
PlannedTools and processes to support businesses with GDPR obligations for European data subjects.
Regional Compliance Standards
PlannedOngoing expansion to meet the data protection requirements of additional African jurisdictions.
Roadmap
We are continuously investing in new security capabilities to keep your business protected.
TOTP-based 2FA for all accounts on the platform.
Passwordless authentication using biometrics and device credentials.
Enterprise identity provider integration for seamless login.
AI-assisted anomaly detection and real-time alerting for suspicious patterns.
Proactive notifications when unusual account or platform activity is detected.
Rate limiting, token scoping, and advanced API authentication controls.
Register and manage trusted devices for improved access security.
Detailed compliance and audit reports exportable for regulatory purposes.
FAQ
Kappit protects your data through multiple layers of security including multi-tenant isolation, encrypted passwords, role-based access control, secure sessions, email verification, and audit logging. Security is built into every layer of the platform, not added as an afterthought.
No. Every company on Kappit operates in its own logically isolated environment. Your data is never visible to, or accessible by, any other company on the platform. Full data isolation is enforced at every layer of the system.
Yes. Kappit provides granular role-based access control, allowing business owners to define exactly which modules, branches, and data each employee can access. Permissions can be updated or revoked instantly when circumstances change.
Passwords are never stored in plain text. All passwords are securely hashed using industry-standard cryptographic algorithms before being stored. Even Kappit administrators cannot view your password.
Yes. Kappit includes branch-level access controls that allow businesses to restrict which employees can access each branch or location. Each branch can have its own permissions, staff assignments, and operational boundaries.
Business owners can immediately deactivate or remove an employee's account, revoking all access to the platform. Any active sessions are terminated, and the former employee can no longer log in or access company data.
If you believe you have discovered a security vulnerability or suspicious activity, please contact our security team directly at security@kappit.co.ke. We encourage responsible disclosure and will investigate all reports promptly.
Responsible Disclosure
If you believe you have discovered a security vulnerability or suspicious activity relating to Kappit, please contact our security team immediately. We take every report seriously and will investigate promptly.
Responsible Disclosure
We ask that you report potential vulnerabilities privately to our security team before making them public. Please include a description of the vulnerability, steps to reproduce it, and the potential impact. We will acknowledge your report and keep you informed as we investigate and resolve the issue.
Security is not just a feature — it is a core part of how Kappit is designed. Focus on growing your business while we help protect your data.