Enterprise-grade security · Built for Africa

Security You
Can Trust

At Kappit, protecting your business data is our highest priority. From secure authentication to strict tenant isolation, we build security into every layer of the platform.

Encrypted
RBAC
Isolated
Audited
Auth
Private

Security by Design

Built in from day one

Layered Protection

Defence at every level

Privacy First

Your data stays yours

Continuously Improved

Security evolves with threats

Philosophy

Security by Design

Kappit is built with a security-first mindset. Rather than treating security as an afterthought, every feature is designed to help protect customer data, maintain privacy, and provide businesses with confidence as they grow.

From the moment a business signs up, their data operates inside its own isolated environment. Platform administrators have controlled, audited access for maintenance and support — never unrestricted access to customer data.

Security is not a feature — it is the foundation.

Protection

How We Protect Your Business

Multi-Tenant Isolation

Every company's data is logically isolated. No business can ever access another's information.

Role-Based Access Control

Employees only access the modules, branches, and information they have been authorized to use.

Secure Authentication

Strong password requirements, verified accounts, secure sessions, and protection against unauthorized access.

Password Encryption

Passwords are never stored in plain text. They are securely hashed using industry best practices.

Audit Logs

Important business actions are recorded to improve accountability and traceability across the platform.

Secure Sessions

Users can monitor active sessions and sign out from other devices remotely at any time.

Email Verification

Accounts are verified before they can access the platform, preventing unauthorized account creation.

Branch-Level Permissions

Businesses can control which employees access specific branches and departments independently.

Data Protection

Protecting Your Business Data

Customer data belongs to the customer. Kappit never shares your business data with other organizations, third parties, or other businesses on the platform.

Every company operates in its own isolated environment. Data from one business is never accessible to another — full isolation is enforced at every layer.

Platform administrators have controlled access for maintenance and customer support only. All privileged actions are logged and auditable.

Your Data Belongs to You

We never sell, share, or use your business data for any purpose beyond operating the platform.

Complete Company Isolation

Each business exists in its own secure environment — fully separated from all other companies.

Controlled Admin Access

Platform administrators can only act within defined, audited boundaries to support your account.

Data Retention Controls

Businesses retain control over their data with clear policies on how long information is held.

Account Security

Keeping Your Account Safe

Available Now

Email Verification

All accounts must be verified before gaining platform access.

Strong Password Policies

Minimum length, complexity requirements, and secure hashing enforced for all accounts.

Session Management

View and revoke active sessions across all your logged-in devices.

Login History

Review a full log of successful and failed login attempts on your account.

Security Notifications

Receive alerts for important account activity and security events.

Device Monitoring

See which devices are currently signed in to your account.

Account Lockout Protection

Accounts are temporarily locked after repeated failed login attempts to prevent brute-force attacks.

Coming Soon

Coming Soon

Two-Factor Authentication (2FA)

Add a second layer of verification to your login process.

Coming Soon

Passkeys

Passwordless authentication using device biometrics or hardware keys.

Coming Soon

Hardware Security Keys

Support for physical security keys as a second authentication factor.

Coming Soon

Single Sign-On (SSO)

Sign in with your organization's identity provider for seamless access.

Business Security

Control Access Within Your Business

Business owners have full control over who accesses what within their company. Kappit provides the tools to enforce strict internal security policies.

Manage employee permissions and roles

Control which modules each employee can access

Restrict access to specific branches or departments

Review complete company audit logs

Monitor employee login activity

Review security events within your business

Revoke user access instantly when needed

Platform Security

Platform-Wide Monitoring

Kappit continuously monitors the platform for anomalies, suspicious activity, and security events. Internal platform administration is completely separated from customer environments.

Platform-wide health and availability monitoring

Security event detection and logging

Failed login attempt tracking and alerting

Suspicious activity identification

Authentication trend analysis

System integrity monitoring

Separation of platform and customer environments

Resilience

Built for Reliability

Kappit is designed with resilience in mind. We maintain robust approaches to ensure business continuity and data safety.

Secure Backups

Business data is backed up regularly to ensure recovery in the event of an unexpected incident.

Recovery Planning

We maintain recovery plans and procedures designed to restore service as quickly as possible.

Infrastructure Resilience

The platform is built on resilient infrastructure to minimize downtime and maintain availability.

Continuous Monitoring

Systems are continuously monitored so issues are detected and addressed proactively.

Privacy

Privacy at Every Step

Kappit is designed to respect the privacy of your business and the people within it. Read our full Privacy Policy →

Personal Information

Collected only for account operation and platform improvement.

Business Information

Used exclusively to deliver platform services to your company.

Data Ownership

Your business data is yours — we do not claim ownership or rights.

Data Retention

Clear policies govern how long data is kept and when it is removed.

User Consent

We obtain appropriate consent before processing personal information.

Customer Control

Businesses can manage, export, or request deletion of their data.

Compliance

Compliance & Standards

Built to meet current requirements and designed to grow into global standards.

Current Practices

Kenyan Data Protection Act, 2019

Our platform is built to align with Kenya's data protection legislation and privacy requirements.

Privacy-First Platform Design

Privacy considerations are embedded into every feature design decision we make.

Full Audit Logging

All significant platform and business actions are logged for accountability and traceability.

Role-Based Permissions

Granular access controls ensure users only have the permissions they require.

Secure Authentication

Strong authentication practices protect all accounts on the platform from unauthorized access.

Future Goals

ISO 27001

Planned

Information security management standard — planned for future certification.

SOC 2

Planned

Service organization controls framework — part of our long-term compliance roadmap.

GDPR Support

Planned

Tools and processes to support businesses with GDPR obligations for European data subjects.

Regional Compliance Standards

Planned

Ongoing expansion to meet the data protection requirements of additional African jurisdictions.

Roadmap

Security Roadmap

We are continuously investing in new security capabilities to keep your business protected.

Coming Soon

Two-Factor Authentication

TOTP-based 2FA for all accounts on the platform.

Coming Soon

Passkeys

Passwordless authentication using biometrics and device credentials.

Coming Soon

Single Sign-On (SSO)

Enterprise identity provider integration for seamless login.

Coming Soon

Advanced Threat Detection

AI-assisted anomaly detection and real-time alerting for suspicious patterns.

Coming Soon

Automated Security Alerts

Proactive notifications when unusual account or platform activity is detected.

Coming Soon

API Security Enhancements

Rate limiting, token scoping, and advanced API authentication controls.

Coming Soon

Device Trust Management

Register and manage trusted devices for improved access security.

Coming Soon

Enhanced Compliance Reports

Detailed compliance and audit reports exportable for regulatory purposes.

FAQ

Security Questions

Kappit protects your data through multiple layers of security including multi-tenant isolation, encrypted passwords, role-based access control, secure sessions, email verification, and audit logging. Security is built into every layer of the platform, not added as an afterthought.

No. Every company on Kappit operates in its own logically isolated environment. Your data is never visible to, or accessible by, any other company on the platform. Full data isolation is enforced at every layer of the system.

Yes. Kappit provides granular role-based access control, allowing business owners to define exactly which modules, branches, and data each employee can access. Permissions can be updated or revoked instantly when circumstances change.

Passwords are never stored in plain text. All passwords are securely hashed using industry-standard cryptographic algorithms before being stored. Even Kappit administrators cannot view your password.

Yes. Kappit includes branch-level access controls that allow businesses to restrict which employees can access each branch or location. Each branch can have its own permissions, staff assignments, and operational boundaries.

Business owners can immediately deactivate or remove an employee's account, revoking all access to the platform. Any active sessions are terminated, and the former employee can no longer log in or access company data.

If you believe you have discovered a security vulnerability or suspicious activity, please contact our security team directly at security@kappit.co.ke. We encourage responsible disclosure and will investigate all reports promptly.

Responsible Disclosure

Report a Security Concern

If you believe you have discovered a security vulnerability or suspicious activity relating to Kappit, please contact our security team immediately. We take every report seriously and will investigate promptly.

Responsible Disclosure

We ask that you report potential vulnerabilities privately to our security team before making them public. Please include a description of the vulnerability, steps to reproduce it, and the potential impact. We will acknowledge your report and keep you informed as we investigate and resolve the issue.

Build Your Business
with Confidence

Security is not just a feature — it is a core part of how Kappit is designed. Focus on growing your business while we help protect your data.