1. Our Security Commitment

At Pocket Pesa, security is our top priority. We employ industry-leading security measures to protect your financial information, personal data, and transactions. Our multi-layered security approach is designed to safeguard your account and provide you with peace of mind while using our services.

2. Infrastructure Security

Our platform is built on a secure foundation that includes:

• Secure Data Centers: We host our services in state-of-the-art data centers with physical security controls, including 24/7 monitoring, biometric access controls, and redundant power systems.
• Network Security: We implement multiple layers of network security, including firewalls, intrusion detection systems, and DDoS protection to defend against external threats.
• Server Hardening: Our servers are configured according to industry best practices to minimize vulnerabilities and prevent unauthorized access.
• Regular Security Audits: We conduct comprehensive security audits and penetration testing to identify and address potential vulnerabilities.

3. Data Encryption

We protect your data through comprehensive encryption measures:

• Transport Layer Security (TLS): All data transmitted between your device and our servers is encrypted using TLS, ensuring that your information cannot be intercepted during transmission.
• End-to-End Encryption: Sensitive communications and transactions are protected with end-to-end encryption, meaning only the intended recipients can access the information.
• Data-at-Rest Encryption: Your stored data is encrypted using advanced encryption algorithms, protecting it even if physical access to our servers were compromised.
• Encryption Key Management: We implement strict controls for encryption key management, including regular key rotation and secure key storage.

4. Account Security

We provide multiple layers of protection for your account:

• Multi-Factor Authentication (MFA): We strongly recommend enabling MFA for your account, which requires a second form of verification beyond your password.
• Biometric Authentication: On supported devices, you can use fingerprint or facial recognition to access your account securely.
• Strong Password Requirements: We enforce robust password policies to ensure your account credentials are not easily compromised.
• Session Management: We implement secure session handling, including automatic timeouts and the ability to view and terminate active sessions.
• Login Notifications: You can receive notifications of login attempts to your account, allowing you to quickly identify unauthorized access attempts.

5. Transaction Security

Every transaction on our platform is protected by multiple security measures:

• Transaction Verification: Additional verification steps for high-value or unusual transactions to prevent fraud.
• Transaction Limits: Customizable transaction limits to control the maximum amount that can be transferred from your account.
• Real-time Monitoring: Advanced systems that continuously monitor transactions for suspicious activities and potential fraud.
• Secure Payment Processing: Integration with trusted payment processors that adhere to the highest security standards.
• Transaction Receipts: Detailed transaction receipts and history to help you track and verify your financial activities.

6. Fraud Prevention

We employ sophisticated fraud prevention measures to protect you and our platform:

• Behavioral Analysis: Advanced algorithms that analyze user behavior to detect anomalies that may indicate fraudulent activity.
• Device Recognition: Technology that identifies and remembers the devices you use to access your account, flagging unfamiliar devices for additional verification.
• Fraud Detection Systems: Automated systems that identify and block suspicious transactions in real-time.
• 24/7 Fraud Monitoring: Our security team continuously monitors for potential fraud and responds rapidly to suspicious activities.

7. Security Compliance and Certifications

We adhere to international security standards and best practices:

• PCI DSS Compliance: We comply with the Payment Card Industry Data Security Standard for handling credit card information.
• ISO 27001: Our information security management system is aligned with ISO 27001 standards.
• GDPR Compliance: We adhere to the General Data Protection Regulation requirements for protecting personal data.
• Regular Audits: We undergo regular third-party security audits and assessments to validate our security controls.

8. Security Response

We have established procedures to respond to security incidents:

• Incident Response Team: A dedicated team of security professionals ready to respond to security incidents 24/7.
• Vulnerability Management: A structured process for identifying, assessing, and remediating security vulnerabilities.
• Security Updates: Regular updates to our systems and applications to address new security threats and vulnerabilities.
• User Notifications: Timely notifications to affected users in the event of a security incident that may impact their accounts.

9. Your Role in Security

While we implement robust security measures, your participation is essential in maintaining the security of your account:

• Use a strong, unique password for your Pocket Pesa account and change it regularly.
• Enable Multi-Factor Authentication for an additional layer of security.
• Keep your device's operating system, applications, and antivirus software up to date.
• Be vigilant about phishing attempts and never share your login credentials or verification codes.
• Regularly review your transaction history and report any suspicious activities immediately.
• Log out of your account when using shared or public devices.
• Keep your contact information up to date so we can reach you if we detect suspicious activity.

10. Reporting Security Concerns

If you suspect any security issues or have concerns about your account, please contact us immediately:

• Email: info@pocketpesa.app

Our security team is available 24/7 to address your concerns and investigate potential security issues.

11. Security Updates and Education

We are committed to keeping you informed about security best practices and updates:

• Regular security tips and updates through our blog, email newsletters, and mobile app notifications.
• Educational resources to help you recognize and avoid common security threats like phishing and social engineering.
• Transparent communication about our security practices and any significant changes to our security policies.

12. Contact Information

For questions or concerns regarding our security measures, please contact our Security Department:

Pocket Pesa Ltd.
Kampala, Uganda
Email: info@pocketpesa.app