Security

Bank-grade rails. Field-tested at 3am.

We handle real money, real people, at real crowd scale. Security isn't a checkbox — it's the whole engine.

SOC 2 Type II

Certified

PCI DSS L1

Merchant + service provider

GDPR & DPA 2019

Data processing compliant

99.99% uptime SLA

Enterprise tier

How we run it

Practices baked in.

Zero-trust architecture

Every service, every call, mutually authenticated. Secrets rotate every 24h.

Data at rest and in transit

AES-256 at rest, TLS 1.3 in transit. Keys in a customer-isolated KMS.

Hardened infrastructure

VPC-per-tenant for enterprise. Continuous scans. Third-party pen tests quarterly.

Auditability

Immutable audit log for every action, exportable to your SIEM.

Report a vulnerability

security@hksocial.co.ke

Responsible disclosure is celebrated. We respond in under 24h.