How We Protect Your Data
Enterprise-grade security architecture protecting every naira you track. Your financial data is encrypted, isolated, and audited — always.
Security Architecture
Defence-in-depth across six layers — from authentication to fraud detection.
Authentication & MFA
Multi-factor authentication (AAL2) with phone OTP, device fingerprinting, and session binding. Account lockout after 5 failed attempts with a 15-minute cooldown.
- Phone OTP via Termii
- Device fingerprint tracking
- Concurrent session limits (max 3)
- Disposable email blocking
Data Encryption
Sensitive PII is encrypted at rest using AES-256-GCM via a server-side vault. TINs, Tax IDs, and bank details are never stored in plaintext.
- AES-256-GCM encryption
- Server-side key management
- PII masking for non-admins
- Encrypted bank account details
Row-Level Security
Every database table protected with PostgreSQL Row-Level Security policies. Users can only access their own data — enforced at database level, not application level.
- RLS on all 121+ tables
- SECURITY DEFINER functions
- Base DENY policies
- Role-based admin bypass
API & Edge Security
All API endpoints protected with rate limiting, input validation via Zod schemas, and HMAC-SHA512 signature verification for third-party webhooks.
- Rate limiting (IP + user)
- Zod schema validation
- HMAC webhook verification
- SQL injection prevention
Fraud Detection
Real-time fraud scoring engine that tracks login anomalies, country/device changes, and suspicious transaction patterns with automated flagging.
- Login anomaly detection
- Velocity abuse monitoring
- Suspicious activity flagging
- Admin review workflow
Session Security
Sessions bound to device fingerprints with integrity monitoring. Maximum 3 concurrent sessions per user with automatic expiry of idle sessions.
- Device-bound sessions
- Session integrity checks
- Automatic idle expiry
- Force logout capability
Data Classification
Every piece of data is classified and handled according to its sensitivity level.
| Level | Examples |
|---|---|
| Restricted | TIN, Tax ID, Bank account numbers |
| Confidential | Income entries, expenses, tax calculations |
| Internal | User profiles, preferences, settings |
| Public | Blog posts, tax tips, guides |
Compliance & Certifications
KeepAm meets Nigerian regulatory requirements for data protection and professional standards.
CPN License
Computer Professionals Registration Council of Nigeria
NDPA Certificate
Nigeria Data Protection Act Compliance
NITDA Registration
National Information Technology Development Agency
NDPA Compliance Highlights
CBN AML Standards Alignment
KeepAm's security architecture aligns with the CBN Baseline Standards for Automated Anti-Money Laundering Solutions (March 2026). Our existing fraud detection, monitoring, and audit capabilities map directly to the circular's core requirements.
Risk-Based Fraud Scoring
CBN Requirement: ML Model Explainability
Real-time scoring engine that evaluates login behaviour, device changes, and transaction velocity — producing explainable risk factors for every flagged event.
Login Anomaly Detection
CBN Requirement: Transaction Monitoring
Behavioural profiling detects unusual country, device, and time-of-day patterns. Velocity monitoring flags rapid-fire access attempts automatically.
Immutable Audit Trails
CBN Requirement: Record Keeping & Reporting
Every sensitive action is logged across activity_logs, compliance_events, and sensitive_access_logs — providing tamper-evident records for regulatory review.
Case Management & Review
CBN Requirement: Alert & Case Workflow
Flagged activities enter a structured admin review workflow with resolution tracking, escalation paths, and full audit history per case.
Responsible Disclosure
Found a vulnerability? We appreciate responsible disclosure. Report security issues and we commit to acknowledging receipt within 48 hours.
Your data is safe with us
We built KeepAm with the same security standards used by banks and fintechs — because your financial data deserves nothing less.
