Trust Center

Security & Compliance

SectID is built for regulated African institutions. This trust center documents our controls, certifications, and data handling practices for procurement and compliance reviews.

Certifications

SOC 2 Type II
In progress

Security, availability, and confidentiality controls audit.

Q4 2026

ISO 27001
Aligned

Information security management system alignment.

Continuous

ODPC Registration
Registered

Office of the Data Protection Commissioner registration.

Kenya

Security Highlights

AES-256-GCM encryption at rest for PII and documents
Tenant isolation with organization-scoped queries
RBAC with least-privilege role matrix
Append-only audit log with hash chaining
Signed webhooks with HMAC-SHA256
API key hashing with pepper
Session cookies: HttpOnly, Secure, SameSite
Full security documentation

Data Residency

Kenya (primary)

Default data residency for KE tenants

EU

Available on enterprise plans

South Africa

Roadmap — af-south-1

Subprocessors

View all →
VendorPurposeRegion
Smile IdentityDocument & biometric verificationGlobal
Amazon Web ServicesCloud infrastructureeu-west-1 / af-south-1
Neon PostgresManaged databaseEU
VercelApplication hostingGlobal edge

Enterprise Compliance Pack

Signed customers can download SOC 2 bridge letter, DPIA template, subprocessor list, and penetration test summary from the in-app trust center.