The following rules govern the gathering and use of client data:

  • Administrative tasks are exclusively performed over SSH tunnels
  • Database replication between PostgreSQL servers is exclusively performed over SSH tunnels
  • Web applications can only be accessed over HTTPS
  • Mobile applications can only access back-end services over HTTPS
  • SSH tunnels use protocol version 2 with at least 1024-bit AES encryption
  • Web and mobile applications use SSL RSA 2048 bits / SHA256 with RSA
  • General application data is not encrypted on disk
  • Password stores for services such as MPesa are 128-bit AES encrypted
  • Access to and modification of specific data through Helium web and mobile apps, SMS and e-mail are strictly enforced by the platform implementation of business rules provided by the client. This is further enforced by an extensive user acceptance testing process.
  • Access to database schemas containing client data is limited to the Helium DevOps team, application developers and support staff
  • Employees are required to formally agree not to share, leak or discuss client data with any outside party, except where this is requested or ordered in writing by the client and has been approved by the Mezzanine Executive Committee