Your data is protected at every layer
SPS handles personal data and financial portfolios. We take that responsibility seriously. Here is exactly how we keep your information safe — in plain English.
Data Encryption
All sensitive information — passwords, payment references, and API tokens — is encrypted using AES-256 before it is written to the database. Even if the database were ever compromised, the data would be unreadable without the encryption keys.
Brute-Force Protection
Login attempts are rate-limited. After five consecutive failures, the account is locked for 15 minutes and a warning is sent by email. Automated password-guessing tools are blocked at the API level.
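The lockout rule described above, implemented as an added example (this is not SPS's own code); it assumes failures are counted per account, a successful login resets the count, and the warning email is a hook the caller supplies.

```python
# Added illustration of the lockout rule above; not SPS's own code.
# Assumptions: failures are counted per account, a successful login
# resets the count, and the warning email is a hook the caller supplies.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

MAX_FAILURES = 5            # consecutive failures before locking
LOCKOUT_SECONDS = 15 * 60   # 15-minute lock


@dataclass
class _State:
    failures: int = 0
    locked_until: Optional[float] = None


@dataclass
class LoginGuard:
    # Injected clock (seconds) so the policy can be tested without sleeping.
    now: Callable[[], float]
    # Called with the account name when a lock is applied (send the warning email).
    notify: Callable[[str], None] = lambda account: None
    _state: Dict[str, _State] = field(default_factory=dict)

    def is_locked(self, account: str) -> bool:
        st = self._state.get(account)
        if st is None or st.locked_until is None:
            return False
        if self.now() >= st.locked_until:
            # Lock expired: clear it and start a fresh failure count.
            self._state[account] = _State()
            return False
        return True

    def attempt(self, account: str, password_ok: bool) -> str:
        """Record one login attempt; returns 'locked', 'ok' or 'failed'."""
        if self.is_locked(account):
            return "locked"      # refused before the password is evaluated
        st = self._state.setdefault(account, _State())
        if password_ok:
            st.failures = 0      # a success resets the consecutive count
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until = self.now() + LOCKOUT_SECONDS
            self.notify(account)
            return "locked"
        return "failed"
```

Note that a correct password is still refused while the lock is active, which is what stops a guessing tool from simply continuing past the fifth attempt.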
HTTPS Everywhere
All traffic between your browser and our servers is encrypted over TLS 1.2+. HTTP requests are automatically redirected to HTTPS. HSTS headers ensure your browser enforces this even if a link tries to bypass it.
CSRF Protection
Every form and state-changing API request requires a CSRF token. This prevents malicious third-party websites from tricking your browser into making unauthorised requests on your behalf.
Infrastructure & Backups
The application runs in an isolated container environment with a minimal attack surface. Automated daily database backups are encrypted and stored in a separate geographic region. Backups are tested monthly.
Payment Security
We never store card numbers or full payment credentials. All payment processing is handled directly by PCI-DSS certified gateways (Stripe and m-Pesa). SPS only stores a non-sensitive reference ID.
Found a vulnerability?
We run a responsible disclosure programme. If you discover a security issue, please email us at security@sps.app before publishing it publicly. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.