kabasika.
Security-first

Your data is safe with Kaba

We treat your financial data with the same care you treat your business. Strong encryption, strict access controls, and we never sell your data.

Encryption in transit

All data between your device and Kaba is encrypted with TLS 1.3. This applies to web, mobile, and API traffic. We enforce HTTPS everywhere.

Encryption at rest

Your data is stored with strong encryption (AES-256). Backups and exports are encrypted. Encryption keys are managed in a dedicated key-management service with automatic rotation.

Role-based access control

Every team member is assigned a role — Owner, Accountant, Invoicer, or Viewer — with a strictly defined permission set. No over-privilege by default.

Hosting & data residency

Kaba runs on enterprise-grade cloud infrastructure in the af-south-1 (Cape Town) region — for proximity to West Africa and clear data residency. The platform uses isolated networking, encrypted databases, managed compute, and a global edge network. This page stays focused on outcomes rather than a full public catalog; a concise architecture summary and control mappings are available to prospects and partners during security review.

Backups & recovery

Financial data is protected with continuous backup and point-in-time recovery within our standard retention window (currently up to 35 days). We exercise restore procedures on a regular cadence.

No data selling

We do not sell, rent, or trade your business data to third parties. Your financial data is yours. We use it only to operate Kaba and improve the product.

Responsible disclosure

If you discover a security vulnerability in Kaba, please disclose it responsibly. Do not exploit it or share it publicly before we have had a reasonable chance to fix it.

We commit to acknowledging your report within 48 hours, keeping you informed of progress, offering public credit if you want it, and not taking legal action against good-faith researchers.

Security contact
security@kabasika.com

Compliance & certifications

OHADA compliant
Active
HTTPS everywhere
Active
SOC 2 Type II
In progress

Questions about security?

Our team can walk you through our security posture, share documentation under review where appropriate, and answer compliance questions.

Contact us