Security Overview
Security Overview
CRP-CGD-CWC-001-R1: Security Overview
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.
Printed copies are uncontrolled. Refer to the online version for the current revision.
1. Introduction
This Security Overview describes the general security principles and safeguards applied by Enxèro Systems in connection with the operation and delivery of the Services.
Security is approached as an ongoing operational responsibility intended to support:
confidentiality
integrity
availability
resilience of systems and data
This document provides a high-level overview only and does not describe all internal security measures or operational procedures.
This Security Overview should be read together with our:
Terms of Service
Privacy Policy
Data Processing Agreement (DPA)
Sub-processor Policy
2. Who We Are
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
(“Company”, “we”, “us”, or “our”)
3. Scope
This Security Overview applies to:
systems operated by Enxèro Systems in connection with the Services
personnel with authorized access to operational systems
sub-processors supporting delivery of the Services where applicable
This document does not apply to:
Customer-managed infrastructure
third-party services independently selected by Customers
Customer endpoint devices or local environments outside our operational control
Customers remain responsible for securing their own environments, user devices, credentials, and internal operational practices.
4. Security Governance Principles
Our security approach is based on principles including:
least-privilege access
confidentiality of data
operational accountability
secure system administration
risk-based security management
monitoring and incident response
Security controls may evolve over time in response to operational, legal, or technological changes.
5. Access Management
Access to systems and data is limited to authorized personnel and service providers with legitimate operational requirements.
Access controls may include:
authentication mechanisms
role-based permissions
credential management practices
access review processes
Customers are responsible for managing access rights within their own accounts and organizations.
6. Infrastructure and Hosting
The Services may be hosted using third-party infrastructure providers selected based on operational and security considerations.
We may use:
cloud hosting environments
backup and recovery systems
monitoring and logging services
security-supporting infrastructure
Additional information regarding subprocessors may be available through the Governance Hub.
7. Monitoring and Operational Security
We may use monitoring, logging, and operational review processes designed to:
detect unauthorized activity
support system integrity
identify operational issues
investigate incidents
maintain service reliability
Security-related records may be retained in accordance with our Data Retention Policy.
8. Encryption and Data Protection
We may use encryption and related safeguards where appropriate based on:
operational requirements
sensitivity of data
system architecture
applicable legal obligations
No transmission or storage method can guarantee absolute security.
9. Vulnerability and Incident Management
We maintain processes intended to support:
identification of security issues
incident assessment
containment and remediation
operational recovery where reasonably possible
Information regarding external reporting of security concerns may be available in the Incident & Vulnerability Disclosure Policy.
10. Personnel and Confidentiality
Personnel with authorized access to systems or data are expected to comply with applicable confidentiality and security obligations.
Access is intended to be limited to what is reasonably necessary for operational responsibilities.
11. Sub-processors
We may engage sub-processors to support operation of the Services.
Sub-processors processing personal data on our behalf are expected to operate under contractual obligations relating to:
confidentiality
security
restricted processing purposes
Additional information is available in our:
Sub-processor Policy
Sub-processor List
12. Customer Responsibilities
Customers remain responsible for:
managing account credentials
configuring user permissions appropriately
securing Customer-managed environments
evaluating whether the Services meet their regulatory or operational requirements
maintaining appropriate backups where necessary
Shared responsibility is an important part of maintaining secure operations.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through:
email notification
publication in the Governance Hub
notification on the Service page
Updated versions become effective on the stated effective date.
14. Contact Information
For legal or governance inquiries:
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
[email protected]
CRP-CGD-CWC-001-R1: Security Overview
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.