Security & Data Protection

RentalDesk Security & Data Protection

RentalDesk is designed as a secure cloud platform for rent collection, tenant operations, and financial reporting.

Security controls are implemented in layers across application access, data storage, payments, and infrastructure operations.

1. Encryption and Network Security

• HTTPS/TLS encryption for all web traffic.
• Encrypted data transfer between application services.
• Firewall and perimeter controls for public-facing services.
• Access restrictions for administrative interfaces.

2. Identity and Access Management

• Role-based access controls for staff and client users.
• Permission boundaries for finance, operations, and admin functions.
• Authentication controls with session protections.
• Audit trails for key actions and configuration changes.

3. Application and Database Protection

• Input validation and request-level protections in critical workflows.
• Database access controls based on least privilege principles.
• Secure backup handling and retention controls.
• Operational monitoring for suspicious activity.

4. Payment and Transaction Security

• M-Pesa transaction callbacks are validated before processing.
• Payment logs are recorded for reconciliation traceability.
• Exception workflows are monitored for failed or mismatched payments.

5. Testing and Security Operations

• Security patching is applied as part of regular maintenance.
• Vulnerability checks are performed during platform updates.
• Incident response runbooks are used for critical security events.
• Penetration testing may be performed internally or with third parties.

6. Reporting Security Concerns

To report a security issue, contact support@rentaldesk.co.ke and include steps to reproduce, affected accounts, and timestamps where possible.

See also: Compliance, Data Protection, and Trust Center.