Security Infrastructure
Last updated: February 2026
Write-Once Audits
Every operating expense committed to the compliance ledger generates a cryptographically chained hash. Once compiled, records cannot be modified or re-ordered.
Role-Based RBAC
Separate encryption keys isolate data blocks. Global brokers cannot access developer vendor data, and communities cannot access private corporate payroll.
1. Access Control Disclosures
Authentication onto Kipimo utilizes MFA protocols. Compliance log viewing requires strict validation against verified organization emails. Auditor logs are tracked in real-time, mapping every administrative read/write query.
2. Cryptographic Receipts
CDA payout transactions generate cryptographically signed verification receipt blocks. CBOs can review receipts using their dashboard portal, ensuring developers cannot alter values after community distributions.
3. Infrastructure Standards
Kipimo does not store any raw financial credentials. All operations are run on virtualized sandboxes. API keys are hashed and stored using PBKDF2/SHA-256 protocols.
4. Real-time Malware & PDF Virus Protection
All PCN/ESIA certification documents uploaded to our document desks are subjected to an automated heuristic security pipeline. Uploads are scanned for macro threats and execution injections using ClamAV-based sandboxed engines to prevent malware insertion into our ledger system.
5. Double-Spend & Transaction Security Locks
To eliminate double-spend and race condition attacks, all Paystack checkout transactions are secured using strict database constraint validations. The onboarding complete handlers execute a `maybeSingle` reference query, blocking duplicate processing of transactions.
6. Secure Webhooks Ingestion (HMAC Verification)
Our external endpoints (including the Paystack webhook callback and the IoT telemetry receiver) are protected using cryptographic message authentication codes (HMAC-SHA512). Any request failing signature verification is immediately rejected with a 400 Bad Request error.
Continuous security testing and code auditing is completed monthly by certified cybersecurity compliance bodies.