Security at LDPS Africa.
Producer KPIs, financial ledgers and investor reports are sensitive. This page is maintained by LDPS Africa and summarises the controls currently enabled across the platform. It is not a third-party attestation.
Encryption in transit & at rest
All traffic to the platform is served over TLS. Customer data, KPI snapshots and audit records are stored in a managed Postgres database with encryption at rest enabled by the underlying cloud provider.
Row-level security on every table
Every customer-facing table enforces row-level security policies that scope reads and writes to the authenticated user, their organisation, or — where appropriate — a narrow service role used only by verified background jobs.
Least-privilege role design
Roles are stored in a dedicated table, never on the user profile. Privileged operations (role grants, financial admin, suppression-list reads) require an explicit super-admin check via a security-definer function with a pinned search path.
Authentication you control
Email/password and Google sign-in are supported out of the box. Password leak protection (HIBP) is enabled. Two-factor authentication is on the roadmap for the next platform release.
Hardened server functions
App-internal logic runs through authenticated server functions. Webhooks (Paddle, M-Pesa) verify HMAC signatures against the raw request body before any state change. Service-role credentials never reach the browser bundle.
Auditable operational events
Sensitive lifecycle events — audit runs, role changes, payment outcomes, KPI snapshot writes — are captured in append-only operational and audit logs for end-to-end traceability.
Shared responsibility
LDPS Africa secures the platform, the database tier, the API surface and our managed identity provider. Customers are responsible for their own account credentials, the operating environments from which they upload data, and the integrations they enable against the LDPS Africa API.
Reporting a vulnerability
If you believe you have found a security issue, email security@ldpsafrica.com. We acknowledge reports within 72 hours and credit responsible disclosure in our release notes.
Compliance library
App-owned editable documents describing how the platform is built, run and audited.
- Security WhitepaperArchitecture, controls and operational practices.
- Data Governance PolicyClassification, retention, deletion and subprocessors.
- Risk RegisterTop risks tracked by LDPS Africa with mitigations.
- Incident Response PlanHow we detect, contain and communicate incidents.
- Business Continuity & DRRPO, RTO, backups and restoration runbook.
- Audit TrailWhat we record, where it lives, and for how long.