Moyopal

Trust, Security & Compliance

Security by Design, Not as an Afterthought. Moyopal operates on a "Zero-Trust" architecture. We treat patient data with the same rigor as financial transactions.

Compliance Status

Our commitment to regulatory alignment and industry best practices.

Kenya Data Protection Act (ODPC)

REGISTERED

Moyopal is a fully registered Data Processor under the ODPC framework. We adhere to all local requirements for data handling and breach notification.

GDPR (General Data Protection Regulation)

COMPLIANT ARCHITECTURE

Our data processing pipelines are built on GDPR principles: Right to Access, Right to Erasure, and Data Minimization by design.

ISO 27001 / SOC 2

FRAMEWORK ALIGNED

We adhere to ISO 27001 information security standards for access control, risk management, and business continuity. We are currently in the audit readiness phase.

HIPAA

ALIGNED

For US-affiliated partners, our infrastructure is built to support HIPAA-compliant Business Associate Agreement (BAA) workflows, ensuring PHI is handled with the utmost care.

Infrastructure Security

Leveraging enterprise-grade cloud security to protect your data at every layer.

Encryption at Rest

All databases, caches, and object storage buckets are encrypted using industry-standard AES-256. Your data is unreadable, even with physical access to the hardware.

Encryption in Transit

All data moving between your facility and our cloud is secured via mandatory TLS 1.3. We prevent protocol downgrade attacks and ensure data integrity over the wire.

Data Residency

Patient health data is stored locally within African Cloud Regions (or ODPC-compliant jurisdictions) to ensure data sovereignty and compliance with local laws.

Operational Security

The human element of our security posture, ensuring rigorous internal controls.

Role-Based Access Control (RBAC)

Internal access to sensitive data is restricted by the Principle of Least Privilege. Only authorized engineers with "Need-to-Know" clearance can access production environments, via temporary, audited credentials.

Multi-Factor Authentication (MFA)

MFA is strictly enforced across all Moyopal administrative accounts, cloud consoles, and GitHub repositories to prevent unauthorized access.

Immutable Audit Logs

We maintain immutable logs of all system access and critical API calls for forensic auditing, ensuring a clear and unalterable record of activities.

Vulnerability Disclosure

Security researchers are partners in our safety. If you discover a vulnerability in our systems, please report it responsibly to alvin@moyopal.io. We acknowledge and fix valid reports within 48 hours.