Effective Date: 22 January 2025
Last Updated: 28 January 2025
1. Introduction
At KasiConvocation, your security is not just a priority — it’s our responsibility. We understand the importance of safeguarding your personal information, financial data, and online activities, especially within a platform built for financial collaboration and group savings. Our commitment to security ensures that you can use KasiConvocation with confidence, knowing that your data and transactions are protected.
This Security Policy is designed to provide transparency about the measures we take to secure the platform and outline the responsibilities of both our team and users in maintaining a safe and trustworthy environment. By using KasiConvocation, you agree to follow the guidelines, best practices, and responsibilities outlined in this document, which are integral to ensuring a secure experience for all users.
Key areas covered in this policy include:
• Data Protection: How we collect, use, and store your personal and financial data securely.
• Account Security: Measures implemented to safeguard your account, such as strong authentication protocols and encryption.
• Platform Security: The technology and processes we use to protect the platform from cyber threats.
• User Responsibility: Best practices and guidelines for users to help maintain the security of their accounts and interactions on the platform.
Our goal is to create a secure, transparent, and reliable platform where you can focus on achieving your savings goals without worrying about your safety. If you have questions about this Security Policy or concerns about security on the platform, please contact us immediately. Your feedback helps us continue to improve and stay ahead of evolving threats.
2. User Data Protection
At KasiConvocation, the security and privacy of our users’ data are of utmost importance. We are committed to implementing robust security measures to safeguard personal, financial, and transactional information. Below is a detailed breakdown of our policies to ensure user data protection:
2.1 Personal Information Security
We take stringent measures to protect all personal data provided by our users.
2.1.1. Secure Storage
2.1.1.1. Personal information, such as names, email addresses, phone numbers, and ID documents, is encrypted and securely stored in our database.
2.1.1.2. Access to personal data is strictly controlled and limited to authorized personnel who require it for specific purposes, such as customer support or verification.
2.1.2. Regulatory Compliance
2.1.2.1. KasiConvocation fully complies with all relevant data protection laws, including:
– POPIA (Protection of Personal Information Act): Ensuring the lawful, fair, and transparent processing of personal information in South Africa.
– GDPR (General Data Protection Regulation): Adhering to international standards for the processing and protection of personal data.
2.1.2.2. Users have the right to access, modify, or request the deletion of their personal data as per these regulations.
2.1.3. User Control
2.1.3.1. Users can update or delete their personal data via their account settings.
2.1.3.2. Notifications and settings for sharing or restricting data are clearly provided to give users complete control over their information.
2.2 Payment and Financial Security
Ensuring the security of financial transactions is a top priority on KasiConvocation.
2.2.1. Secure Payment Gateways
2.2.1.1. All financial transactions are processed through trusted and secure payment gateways, such as Ozow, which adhere to Payment Card Industry Data Security Standards (PCI-DSS).
2.2.1.2. No sensitive financial details (e.g., credit or debit card numbers) are stored on KasiConvocation servers to eliminate risks of data breaches.
2.2.2. User Authentication
2.2.2.1. Users are required to set up a secure 5-digit PIN or enable biometric authentication (e.g., fingerprint or facial recognition) to access their wallets and complete transactions.
2.2.2.2. Authentication methods are designed to prevent unauthorized access to user accounts and wallets.
2.2.3. Transaction Alerts
2.2.3.1. Users receive real-time notifications for every transaction, including contributions, withdrawals, and payouts, to ensure transparency and detect any unauthorized activity promptly.
2.2.4. Fraud Monitoring
2.2.4.1. Advanced monitoring systems are in place to detect and prevent fraudulent or suspicious activities.
2.3 Data Encryption
We implement industry-leading encryption technologies to ensure that user data remains secure at all times.
2.3.1. Encryption Protocols
2.3.1.1. All user data is encrypted using Advanced Encryption Standard (AES-256), ensuring that even in the unlikely event of a data breach, sensitive information remains unreadable.
2.3.1.2. Data stored on servers is encrypted at rest, while data in transit is encrypted to maintain confidentiality.
2.3.2. Secure Communication Channels
2.3.2.1. Communication between the platform and users is protected by SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols.
2.3.2.2. The use of HTTPS ensures secure browsing and protects data transmitted over the internet.
2.3.3. Encryption of Payment Data
2.3.3.1. Payment details are encrypted during processing by payment gateways, ensuring the safety of sensitive financial information.
2.3.3.2. Tokens are used to replace sensitive payment data during recurring transactions to further enhance security.
2.3.4. Backups and Redundancy
2.3.4.1. Regular encrypted backups of user data are maintained to ensure data integrity and availability in case of system failures or disasters.
2.4 Continuous Security Improvement
2.4.1. Regular Audits
2.4.1.1. KasiConvocation conducts regular security audits and assessments to identify and mitigate potential vulnerabilities.
2.4.1.2. Third-party penetration testing is carried out to ensure robust security measures are in place.
2.4.2. User Education
2.4.2.1. We provide users with tips and best practices for maintaining account security, such as creating strong passwords, avoiding sharing account details, and recognizing phishing attempts.
2.4.3. Incident Response
2.4.3.1. In the event of a data breach or security incident, users will be promptly notified, and corrective actions will be taken immediately.
3. User Authentication
3.1 Account Verification
To ensure the security and integrity of the KasiConvocation platform, all users are required to verify their accounts through a comprehensive multi-step process:
3.1.1. Email Verification
Users must confirm their email address by clicking a unique link sent to their inbox upon registration. This ensures that the email provided is active and accessible.
3.1.2. Phone Number Authentication
Users must authenticate their phone number by entering a one-time PIN (OTP) sent via SMS or WhatsApp. This adds another layer of verification.
3.1.3. Identity Verification
Users may be required to upload a valid government-issued ID, such as a passport, driver’s license, or ID card, for additional security. Uploaded IDs are securely stored and used solely for verification purposes.
Verified users are identified with distinct status badges to indicate their level of verification:
– Amber: ID verified, confirming the user’s identity.
– Green: Premium subscription, indicating a paid user with additional features.
– Gold: Premium Plus subscription, showing the highest level of membership and verification.
3.2 Login Security
To protect user accounts from unauthorized access, KasiConvocation implements advanced login security protocols:
3.2.1. Two-Factor Authentication (2FA)
Users have the option to enable 2FA for added security. With 2FA, logging in requires both the password and a unique OTP sent to the user’s registered phone number or email, significantly reducing the risk of unauthorized access.
3.2.2. Strong Password Requirements
Users are required to create strong passwords with the following criteria:
– At least 8 characters in length.
– A mix of uppercase and lowercase letters.
– At least one numeric digit.
– At least one special character (e.g., @, #, $, &).
This ensures that weak or easily guessable passwords are avoided, reducing the risk of hacking attempts.
3.2.3. Login Attempt Monitoring
– The system monitors failed login attempts to detect suspicious activities.
– If multiple failed attempts are detected, the account will be temporarily locked to prevent brute-force attacks. Users will receive a notification and instructions on how to unlock their account securely.
3.2.4. Session Timeouts
For added security, user sessions automatically expire after a period of inactivity. Users will need to log in again to continue accessing their accounts.
4. Platform Security Measures
4.1 Continuous Monitoring
4.1.1. KasiConvocation employs advanced security tools and systems to monitor the platform 24/7 for unusual or suspicious activity. This includes real-time tracking of login attempts, transactions, and any unauthorized access attempts.
4.1.2. Alerts are automatically generated if irregular activity is detected, allowing immediate action to protect user accounts and platform integrity.
4.1.3. The platform undergoes regular security audits to ensure compliance with the latest cybersecurity standards.
4.1.4. External penetration testing is conducted periodically by third-party experts to identify and address potential vulnerabilities in our systems. These proactive measures help us stay ahead of evolving cyber threats.
4.1.5. A dedicated incident response team is in place to act swiftly in case of any security breaches or threats, minimizing potential risks to user data and platform functionality.
4.2 Secure Communication
4.2.1. All communications within KasiConvocation, including messages exchanged between users and group discussions, are encrypted using industry-standard encryption protocols (e.g., AES-256). This ensures that messages cannot be intercepted or accessed by unauthorized parties.
4.2.2. Sensitive user actions, such as password resets and financial transactions, are secured through end-to-end encryption, further protecting user privacy and data integrity.
4.2.3. When users share links within the platform, link previews are generated securely, and content is scanned to prevent exposure to malicious or harmful links. Suspicious links are flagged or blocked to protect users.
4.2.4. Notifications, such as reminders and updates, are sent via secure channels to ensure the integrity and confidentiality of communication.
4.3 Limited Access
4.3.1. Access to sensitive user data is strictly restricted to authorized personnel who require it for platform management and support. All authorized individuals undergo rigorous background checks and regular training in data protection and security best practices.
4.3.2. Access control policies are enforced through multi-factor authentication (MFA) for all administrative accounts to reduce the risk of unauthorized access.
4.3.4. Activity logs for authorized personnel are maintained and monitored to ensure compliance with data access policies and to detect any misuse.
4.3.5. Role-based access control (RBAC) is implemented, ensuring that employees only have access to the data necessary for their specific roles. This minimizes the risk of exposure to sensitive information.
4.3.6. Regular audits of data access records are conducted to ensure transparency and compliance with security standards and privacy laws such as POPIA and GDPR.
5. User Responsibilities
To ensure the safety and security of all users on KasiConvocation, it is essential that every user adheres to the following responsibilities:
5.1 Protecting Your Account
5.1.1. Users are solely responsible for safeguarding the confidentiality of their login credentials, including usernames, passwords, PINs, and any biometric access settings.
5.1.2. Under no circumstances should you share your password, PIN, or allow anyone else to access your account. Doing so puts your personal data and financial transactions at risk.
5.1.3. Regularly update your password to strengthen account security. Choose a strong, unique password that combines letters, numbers, and special characters to minimize the risk of unauthorized access.
5.1.4. Avoid using the same password across multiple platforms or sharing it via unsecured channels, such as email or messaging apps.
5.2 Reporting Suspicious Activity
5.2.1. If you notice any unusual or unauthorized activity in your account, such as transactions you did not authorize or login attempts from unknown devices, report it immediately.
5.2.2. You can use the in-app “Report” feature to notify our team of suspicious behavior or send an email to support@kasiconvocation.com with the details.
5.2.3. Respond promptly to any security alerts sent by KasiConvocation regarding suspicious activities on your account.
5.2.4. Take immediate action to secure your account, such as changing your password or enabling additional security features, if you suspect your account has been compromised.
5.3 Keeping Your Information Updated
5.3.1. Users are required to keep their contact information, such as email addresses and phone numbers, accurate and up to date at all times.
5.3.2. Updated contact details are essential for receiving critical security notifications, transaction alerts, and updates regarding changes to the platform.
5.3.3. If you change your phone number, email, or other relevant contact details, update your profile information in the app immediately to maintain uninterrupted communication.
5.4 Regular Account Monitoring
5.4.1. Users should regularly review their transaction history and account activity for any discrepancies or unauthorized actions.
5.4.2. Stay vigilant and take proactive steps to secure your account, such as enabling two-factor authentication (2FA) and reviewing connected devices.
5.5 Compliance with Platform Policies
5.5.1. Adhere to KasiConvocation’s Terms and Conditions, Privacy Policy, and community guidelines to maintain a secure and trusted environment for all users.
5.5.2. Users found to be in violation of these responsibilities, including sharing credentials or failing to report security breaches, may have their accounts restricted or suspended to ensure the safety of the platform.
6. Fraud Prevention
Fraud prevention is a critical component of KasiConvocation’s security policy. We are committed to protecting our users from fraudulent activities and maintaining a trustworthy platform for all stokvel members. The following measures ensure fraud is minimized across the platform:
6.1 Vetting and Trust
6.1.1. Member Vouching System:
6.1.1.1. Users have the ability to vouch for other members they trust within the platform. A “Vouched by X Members” tag is displayed on a user’s profile, adding a layer of trust and transparency within stokvel groups.
6.1.1.2. The vouching system is designed to foster accountability, as users are more likely to vouch for individuals with whom they have positive experiences.
6.1.2. Admin Verification:
6.1.2.1. Stokvel admins are required to verify new members before accepting them into their groups. Verification may include reviewing the user’s profile details, vetting their contributions in other stokvels, and ensuring alignment with the group’s goals.
6.1.2.2. Admins can also review vouching tags and request additional identity verification before approving members, further strengthening the trust framework.
6.2 Suspicious Activity Detection
6.2.1. Automated Monitoring:
6.2.1.1. KasiConvocation’s system uses advanced algorithms to detect unusual activities, such as:
– Rapid, repeated transactions within a short period.
– Login attempts from unrecognized devices or locations.
– Large contributions or withdrawals that deviate from normal patterns.
6.2.1.2. Any flagged activity is immediately reviewed by our fraud prevention team to ensure the security of the user and the group.
6.2.2.3. Temporary Account Suspension:
6.2.2.4. Accounts exhibiting suspicious behaviour may be temporarily suspended while an investigation is conducted.
6.2.2.5. Suspended users will be notified via email and in-app alerts, and they may be required to provide additional verification to regain access.
6.2.2. Incident Reporting:
6.2.2.1. Users can report suspicious activities or behaviours directly through the app using the “Report User” or “Report Activity” feature. These reports are reviewed promptly to ensure swift action.
6.3 Scam Awareness
6.3.1. User Education Campaigns:
6.3.1.1. KasiConvocation is committed to empowering users with knowledge to prevent scams. We provide educational materials, such as:
– Regular notifications and emails detailing common scams and phishing attempts.
– In-app tips on safe online behaviour, such as avoiding sharing passwords or financial details.
6.3.2. Phishing Awareness
6.3.2.1. Users are warned to avoid clicking on suspicious links or providing personal information outside the platform.
6.3.2.2. Regular reminders are sent via email and app notifications about identifying legitimate KasiConvocation communication channels.
6.3.3. Community Engagement
6.3.3.1. We encourage users to share their experiences with scams to help others recognize fraudulent patterns.
6.3.3.2. An active FAQ section in the app includes a dedicated “Scam Awareness” segment to educate users further.
7. Privacy Settings
7.1 Control Over Information
KasiConvocation prioritizes user control over the visibility of their personal and group-related information. To ensure privacy:
7.1.1. Stokvel Visibility Options
Users can manage their stokvel’s visibility by setting it to “Public” or “Private”:
7.1.1.1. Public: Public stokvels can be discovered by anyone on the platform, allowing interested members to request to join. However, only approved members can view detailed activities and financial information.
7.1.1.2. Private: Private stokvels are visible only to invited members. These groups cannot be searched or discovered by non-members, ensuring an additional layer of privacy.
7.1.2. Protection of Personal Information
KasiConvocation does not share users’ personal information, such as phone numbers, email addresses, or transaction details, without explicit consent from the user. These details are securely stored and accessible only by the user and authorized administrators for necessary transactions.
7.1.3. Data Sharing Options
Users can decide what information is displayed on their profile, such as profile pictures, usernames, and bios, and can update their preferences at any time.
7.2 Notifications and Alerts
To enhance user engagement and transparency within stokvels, KasiConvocation provides real-time notifications for critical activities, such as:
7.2.1. Activity Notifications: Alerts about contributions, withdrawals, payouts, and updates within the stokvel.
7.2.2. Membership Updates: Notifications when someone requests to join, follows the stokvel, or when a member leaves.
7.2.3. Security Alerts: Alerts for changes in account settings, such as password updates or new device logins, to protect user accounts from unauthorized access.
7.3 Customization of Notifications
7.3.1. Users have full control over their notification preferences through the app’s settings. They can choose to:
7.3.2. Enable or disable notifications for specific activities.
7.3.3. Set notification tones or silence them during specific hours using a “Do Not Disturb” feature.
7.3.4. Opt for push notifications, email updates, or both.
7.4 User Empowerment
These privacy settings are designed to give users full control over their information and how they interact with the platform. Users are encouraged to review their settings regularly to ensure their preferences match their privacy and security needs.
8. Breach Response Plan
In the event of a security breach, KasiConvocation is committed to taking immediate and transparent action to protect our users and mitigate the impact of the breach. The following measures will be implemented to ensure a prompt and efficient response:
8.1 Incident Reporting
8.1.1. User Notification:
8.1.1.1. In the unlikely event of a security breach, all affected users will be notified within 72 hours of the incident.
8.1.1.2. Notifications will be sent via email, SMS (if available), and in-app alerts, ensuring users are informed promptly regardless of their preferred communication channel.
8.1.2. Details in Notifications:
8.1.2.1. The notification will include a clear description of the breach, the type of data that may have been affected, and any immediate steps users should take to protect themselves.
8.1.2.2. Users will also receive guidance on recognizing suspicious activity and safeguarding their accounts.
8.1.3. Help Desk Availability:
8.1.3.1. A dedicated support team will be available to assist users with questions or concerns about the breach. Users can contact us through the in-app chat, email support, or our helpline for further assistance.
8.1.4. Transparency:
8.1.4.1. We will provide regular updates to all affected users regarding the status of the investigation and resolution progress.
8.2 Immediate Action
8.2.1. Account Lockdown:
8.2.1.1. Accounts identified as potentially compromised will be temporarily locked to prevent further unauthorized access or misuse.
8.2.1.2. Users will be informed of the lockdown via email and app notifications.
8.2.2. Recovery Process:
8.2.2.1. Users with locked accounts will be guided through a step-by-step recovery process, which includes:
– Resetting Passwords: Users will be required to create new, secure passwords that meet our strengthened security criteria.
– Identity Verification: Users may need to verify their identity through secure methods such as two-factor authentication (2FA), government ID verification, or answering security questions.
8.2.3. Monitoring and Analysis:
8.2.3.1. The compromised accounts will undergo thorough monitoring to ensure no unauthorized activity persists.
8.2.3.2. Any suspicious transactions or activities during the breach period will be flagged and investigated.
8.2.4. Data Protection Measures:
8.2.4.1. Where applicable, we will work with external cybersecurity experts to analyze the breach and ensure no further vulnerabilities remain in the system.
8.2.4.2. Users will be advised on additional security measures they can take, such as enabling two-factor authentication (2FA) or reviewing linked accounts for unauthorized access.
8.2.5. Enhanced Security Tools:
8.2.5.1. Following a breach, additional security tools (such as login activity logs and notifications for new device sign-ins) may be rolled out to all users to strengthen future protection.
8.3 Root Cause Analysis and Prevention
8.3.1. Comprehensive Investigation:
8.3.1.1. Our security team will conduct a detailed root cause analysis to identify how the breach occurred and implement measures to prevent recurrence.
8.3.1.2. Findings from the investigation will be used to strengthen our security infrastructure.
8.3.2. Security Upgrades:
8.3.2.1. If any system vulnerabilities are identified, they will be promptly addressed with security patches and upgrades.
8.3.2.2. We will implement additional layers of protection, such as advanced threat detection tools and regular system audits.
8.3.3. User Education:
8.3.3.1. We will roll out user-focused educational campaigns, providing tips on identifying phishing attempts, creating strong passwords, and avoiding risky online behavior.
8.3.3.2. A dedicated Security Resources page will be updated with helpful guides and FAQs for users.
8.4 Collaboration with Authorities
8.4.1. Law Enforcement Notification:
8.4.1.1. If the breach involves illegal activity or financial theft, we will work with law enforcement agencies to investigate and prosecute offenders.
8.4.2. Data Protection Regulators:
8.4.2.1. As required, we will notify relevant data protection regulators in compliance with applicable laws, such as South Africa’s Protection of Personal Information Act (POPIA).
8.5 Post-Incident Monitoring
8.5.1. Continued Monitoring:
8.5.1.1. Following a breach, affected accounts will be monitored closely for unusual activity to ensure no lingering risks remain.
8.5.1.2. New security protocols will be enforced for all user accounts to maintain system integrity.
8.5.2. Audit and Reporting:
8.5.2.1. A detailed incident report will be compiled and shared internally to review the breach response and improve future readiness.
8.5.3. System Updates:
8.5.3.1. Based on lessons learned, we will integrate advanced threat detection and prevention tools to mitigate future risks.
9. Updates to the Security Policy
At KasiConvocation, we are committed to maintaining the highest standards of security to protect our users and their data. To ensure we stay ahead of evolving security risks and industry standards, we reserve the right to update this Security Policy periodically. These updates are made to enhance our security measures, address emerging threats, and comply with new regulatory requirements or technological advancements.
9.1 Notification of Updates
9.1.1. Users will be notified of any significant changes to this Security Policy through multiple communication channels, including:
9.1.1.1. Email Notifications: Registered users will receive detailed emails outlining the changes and how they impact their usage of the platform.
9.1.1.2. In-App Notifications: Updates will also be communicated directly within the app to ensure users are informed while using the platform.
9.1.2. For minor updates that do not significantly impact user experience or security practices, changes will be communicated through an announcement on our website and app.
9.2 Access to the Updated Policy
9.2.1. The latest version of the Security Policy will always be accessible:
9.2.1.1. On the Website: A dedicated “Security Policy” section will be available under the “Help” or “Terms & Policies” menu.
9.2.1.2. In the App: Users can find the updated policy under the “Settings” or “Privacy and Security” section.
9.2.2. We encourage users to review the updated policy regularly to stay informed about how we protect their data and ensure secure interactions on our platform.
9.3 User Acknowledgment
By continuing to use the KasiConvocation platform after changes are implemented, users acknowledge and agree to the updated Security Policy. Should a user have any concerns or questions regarding the updates, they are encouraged to contact our support team for clarification.
9.4 Commitment to Transparency
Our priority is to maintain transparency and build trust with our users. Therefore, any updates to the Security Policy will be communicated clearly, and users will have access to resources explaining the changes and how they benefit the overall security of their accounts and data.
10. Contact Information
At KasiConvocation, we are committed to providing a secure and transparent platform for all our users. If you have any questions, concerns, or feedback related to this Security Policy, or if you notice any suspicious activity, we encourage you to reach out to us immediately. Our team is dedicated to addressing your concerns promptly and ensuring your safety while using our platform.
You can contact us through the following channels:
10.1. Email
Reach out to us via email at support@kasiconvocation.com. Our support team monitors this inbox regularly and will respond to your inquiries within 24-48 hours. Please provide a detailed description of your issue or concern to help us assist you effectively.
10.2. Phone
For urgent matters, you can call our customer support team at +27 61 428 0018 during business hours (Monday to Friday, 8:00 AM – 5:00 PM). Our representatives are ready to provide assistance and answer your questions.
10.3. Physical Address
If you prefer to send us a formal letter or visit our office, you can find us at:
136 2nd Street, Randjespark, Midrand, Gauteng, Johannesburg, South Africa 1685
Please note that in-person visits are by appointment only to ensure we can allocate adequate time to address your concerns.
10.4. Help Centre
Visit our online Help centre on the KasiConvocation platform for FAQs, guides, and additional resources to address common security-related questions.
10.5. Reporting Security Issues
If you suspect a breach or encounter a security issue on the platform, please report it immediately to security@kasiconvocation.com. This email is monitored by our dedicated security team, who will investigate and resolve the matter as quickly as possible.
We value your trust in KasiConvocation and are committed to maintaining the highest standards of security. Your feedback and vigilance are integral to helping us create a safe and secure platform for everyone.