Trust, security & compliance
What established enterprises and public institutions need to know before working with us — security posture, data protection, SLAs and vendor prequalification.
Built for buyers who do due diligence
Data protection
We build to the Kenya Data Protection Act 2019: consent-based data handling, encryption in transit and at rest, and least-privilege access. ODPC registration in progress.
Security practices
OWASP Top 10 methodology, dependency scanning, secrets management, and regular backups with tested restores. Security audits available on request.
Clear agreements & SLAs
Written scope before any money changes hands, milestone-based delivery, and support SLAs with defined response times for production systems.
Compliance pack
Company registration, tax compliance, references, and our security/data-protection policies are available to procurement teams on request for vendor prequalification.
Numbers you can verify, code that runs in production.
We don't just talk about M-Pesa — we ship it. The same Daraja STK Push code below powers deposits across our live products.
// STK Push — the exact pattern we run in production
$mpesa->stkPush([
'amount' => 1,
'phone' => '2547XXXXXXXX',
'reference' => $invoice->id,
'description' => 'Deposit',
]); // → 200 OK { "CheckoutRequestID": "ws_CO_..." }Vendor prequalification
Can you complete our vendor prequalification / supplier registration?
Yes. We can provide certificate of incorporation, CR12, KRA tax compliance certificate, company profile, key-staff CVs, and our data-protection, cybersecurity and business-continuity policies for your procurement process.
Do you sign NDAs and data-processing agreements?
Yes — we routinely sign NDAs and DPAs and can work within your data-residency and security requirements.
Can you provide client references?
Yes, referenceable contacts are available on request. In addition, six of our own products run in production today — you can use them right now as proof of engineering capability.
