Security
Introduction
To safeguard you and your customers' data and maintain user privacy, TandaPay employs bank-grade security standards. Both data at rest and data in transit are protected using security measures.
Data Encryption
Is a term used to describe the process of encrypting
Our database servers use encryption algorithms to encrypt data. In a network distinct from the database and application servers, encryption keys are cycled and maintained. They're kept in a cluster of fault-tolerant key management servers with restricted access. To guarantee optimum security, the master key is held in a safe vault.
Security of Transportation
HTTPS is used to encrypt any data supplied through our REST API. We conduct frequent security audits to guarantee that the certifications we provide are current. To guarantee that data is always secured throughout the transfer from our server to your application, we need HTTPS for all connections to our API server. It's critical that you utilize the same procedures to ensure that data is encrypted from beginning to finish.
Logging
We keep track of all API requests and web service interactions for further inspection.
Financial Regulations & PCI-DSS (Payment Card Industry Data Security Standard)
TandaPay will ensure that all sensitive financial information is redacted in compliance with the Republic of Kenya's applicable legislation, depending on the type of data integrations that are required.
Updated 2 days ago