Trust & Security

Trust, Security & Data Protection

Independently assured (annual ISAE 3402), POPIA & Mauritius DPA aligned, data deployed where it needs to live, and built on Microsoft Azure.

Four pillars

How we protect your data

Independently assured, ISAE 3402

Every year we undergo an independent ISAE 3402 assurance engagement covering our general IT control environment: the controls that govern system access, change management and IT operations. External, recurring and evidence-based: an independent auditor verifies our control discipline each year.

Data protection: POPIA & the Mauritius DPA

We design and operate in line with the data-protection laws of the markets we serve: POPIA in South Africa and the Data Protection Act in Mauritius. In practice: lawful, purpose-limited processing, data minimisation, defined retention and respect for data-subject rights, with privacy considered from the design stage.

Data sovereignty: where your data needs to live

Hosting and residency are agreed per engagement: we can deploy within your own Microsoft Azure tenant or a chosen Azure region, keeping South African data in South Africa, and handling Mauritian data in line with local requirements. You retain ownership and control of your data throughout.

A secure foundation, built on Microsoft

Our solutions are engineered on Microsoft Azure and the wider Microsoft ecosystem, and we hold Microsoft partner designations that reflect assessed capability and standing. Building on Azure means your solution sits on a platform that carries extensive, independently-audited security and compliance certifications.

Talk to us about your security & compliance requirements

We’re happy to walk your security, risk and procurement teams through our controls, data-protection approach and hosting options.