BilaFundi Security
Legal & Policies

Security

Last updated 14 July 2026 BilaFundi Technologies Ltd

Our Commitment to Security

BilaFundi takes the security of your data seriously. We implement industry-standard controls to protect the platform and the information of our users.

Infrastructure

  • Encryption in transit: all data is transmitted over HTTPS using TLS 1.2+
  • Encryption at rest: sensitive data is encrypted in our database
  • Cloud hosting: our infrastructure is hosted on AWS with automated backups and redundancy
  • Access controls: production systems are accessible only to authorised engineers via multi-factor authentication

Application Security

  • Protection against OWASP Top 10 vulnerabilities including SQL injection, XSS, and CSRF
  • Rate limiting on authentication endpoints to prevent brute-force attacks
  • Regular dependency updates and security patches
  • Password hashing using bcrypt

Payment Security

BilaFundi does not store payment card numbers. All payments are processed by our PCI-DSS compliant payment provider. We store only tokenised references.

Account Security Tips

  • Use a strong, unique password for your BilaFundi account
  • Never share your login credentials with anyone
  • Log out from shared or public devices
  • Contact us immediately if you notice suspicious activity on your account

Reporting a Vulnerability

If you discover a security vulnerability in BilaFundi, please report it responsibly by emailing security@bilafundi.com. Include:

  • A description of the vulnerability
  • Steps to reproduce it
  • The potential impact

We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 30 days. We do not pursue legal action against researchers who report in good faith.

Contact

Security concerns: security@bilafundi.com
General data protection: privacy@bilafundi.com