Trust & Security

Security Center

At Nidamiye, keeping your landlord and tenant data secure is our top priority. Learn about our encryption standards, platform infrastructure, and compliance roadmap.

8 min readUpdated: July 2026

1. Security Overview

Nidamiye is designed from the ground up to serve as a secure utility for landlords managing properties, tenants, and rental payment flows. We understand that the data you input is highly sensitive. We implement robust, industry-standard administrative, physical, and technical safeguards to prevent unauthorized access, disclosure, alteration, or destruction of your information.

2. Data Encryption

We ensure that data is fully protected both when it is traveling across networks and when it is stored on our servers:

  • Encryption in Transit: All data exchanged between your web browser and the Nidamiye servers is encrypted using Secure Sockets Layer (SSL/TLS 1.3) protocols. This prevents external parties from intercepting communications.
  • Encryption at Rest: Sensitive databases containing credentials, landlord configurations, tenant identities, and M-Pesa transaction histories are encrypted at rest using industry-standard AES-256 cryptographic algorithms.

3. Authentication and Access Controls

Securing access to landlord accounts is critical to keeping workspaces isolated and protected:

  • Password Requirements: Landlord accounts enforce strong password criteria to prevent brute-force login attempts.
  • Secure Authentication: Credentials are hashed using cryptographic salt algorithms before being stored in the database, ensuring passwords are never stored in plain text.
  • Session Management: Active login sessions are tracked using secure tokens that automatically expire after a set period of inactivity, reducing the risk of unauthorized physical workspace access.

4. Secure Infrastructure

Our infrastructure is hosted in premium, highly secure cloud data centers managed by leading global hosting providers:

  • Data Center Security: The physical facilities housing our servers feature 24/7 security monitoring, biometric access points, and redundant power and cooling grids.
  • Firewalls: Network security rules and web application firewalls restrict unauthorized port traffic, monitoring inbound requests to defend against common attack vectors.
  • Server Isolation: Landlord database transactions are compartmentalized to ensure strict logical isolation between different user accounts.

5. Data Protection Principles

We adhere strictly to privacy-by-design standards:

  • Data Minimization: We only collect tenant and landlord identifiers that are essential to run the rent-tracking utility.
  • No Data Sharing: Personal identifiers, payment details, and phone numbers are never rented, sold, or shared with third-party advertising companies.

6. Backups and Disaster Recovery

To prevent data loss and ensure service continuity in the event of hardware failures or server disruptions:

  • Automated Backups: System databases are backed up automatically every 24 hours.
  • Off-site Redundancy: Backups are stored across separate, secure geographical locations to guarantee recovery even in catastrophic infrastructure failures.
  • Restore Testing: Disaster recovery plans and database restores are periodically simulated to maintain swift Recovery Time Objectives (RTO).

7. Monitoring and Logging

We implement comprehensive monitoring to identify performance anomalies, security concerns, and code bugs:

  • Real-time Logs: System processes log activity logs to track network requests and system performance.
  • Error Tracking: Sentry is integrated into our application layers to catch frontend and backend code errors instantly, notifying development teams to roll out hotfixes immediately.
  • Intrusion Detection: Automated filters analyze server traffic patterns for anomalous behavior, such as rapid API queries or credential-stuffing patterns.

8. Vulnerability Disclosure Policy

We appreciate the work of independent security researchers in keeping the internet safe. If you believe you have discovered a vulnerability or security bug on the Nidamiye platform:

  • Responsible Disclosure: Please email us details at security@nidamiye.com before disclosing the bug publicly.
  • Nidamiye Action: We commit to acknowledging receipt of your report within 48 hours and working quickly to investigate and resolve confirmed bugs.
  • Safe Harbor: We will not pursue legal action against researchers who discover vulnerabilities through ethical, non-disruptive testing methods.

9. Incident Response

We maintain an active security incident response plan to handle potential threats:

  • Alerting: Automated alerts notify our operations team of system outages, unauthorized access patterns, or unexpected database anomalies.
  • Response Timelines: If a confirmed security incident occurs that affects landlord workspaces or tenant details, we will notify affected users within 72 hours of verification.
  • Post-Mortems: After resolving any security event, we complete a detailed post-mortem review to update code safeguards and prevent recurrent issues.

10. Compliance Roadmap

We are dedicated to building trust and aligning our practices with national and international data privacy and security frameworks. Our operations align with:

  • Kenya Data Protection Act, 2019: We structure our role as a data processor to help Kenyan landlords comply with their statutory tenant privacy obligations.
  • Somalia Data Protection Authority Alignment: We actively align our data storage, consent-oriented processing, and security measures to meet the evolving regulatory expectations of the Somalia Data Protection Authority, preparing the platform for local compliance as cross-border landlording grows.
  • General Data Protection Regulation (GDPR): We follow standard contractual clauses and process data strictly under controller instructions to uphold GDPR compliance standards where applicable.
  • SOC 2 & ISO/IEC 27001 Roadmap: As Nidamiye expands, we plan to seek formal SOC 2 Type II audits and ISO 27001 security management certifications in our upcoming compliance cycles.

11. System Status

We maintain a public status page to share real-time platform availability, API response times, and planned maintenance cycles. You can view our current status by clicking the Status link in the footer of our website or visiting status.nidamiye.com.

12. Security Contact

If you have questions about our security practices, need assistance with workspace permissions, or want to submit a vulnerability report, please reach out to us at:

  • Security Email: security@nidamiye.com
  • General Support: hello@nidamiye.com
  • Parent Company: Groundwork Technologies

Simplify your property management today

Experience the power of automatic rent tracking, instant M-Pesa matching, and automatic WhatsApp receipts.