Trust Center
Security & Compliance
SectID is built for regulated African institutions. This trust center documents our controls, certifications, and data handling practices for procurement and compliance reviews.
Certifications
SOC 2 Type II
In progressSecurity, availability, and confidentiality controls audit.
Q4 2026
ISO 27001
AlignedInformation security management system alignment.
Continuous
ODPC Registration
RegisteredOffice of the Data Protection Commissioner registration.
Kenya
Security Highlights
AES-256-GCM encryption at rest for PII and documents
Tenant isolation with organization-scoped queries
RBAC with least-privilege role matrix
Append-only audit log with hash chaining
Signed webhooks with HMAC-SHA256
API key hashing with pepper
Session cookies: HttpOnly, Secure, SameSite
Data Residency
Kenya (primary)
Default data residency for KE tenants
EU
Available on enterprise plans
South Africa
Roadmap — af-south-1
Subprocessors
View all →| Vendor | Purpose | Region |
|---|---|---|
| Smile Identity | Document & biometric verification | Global |
| Amazon Web Services | Cloud infrastructure | eu-west-1 / af-south-1 |
| Neon Postgres | Managed database | EU |
| Vercel | Application hosting | Global edge |
Enterprise Compliance Pack
Signed customers can download SOC 2 bridge letter, DPIA template, subprocessor list, and penetration test summary from the in-app trust center.