Security is a feature,
not an afterthought.
This page describes how we secure the Ngabantu platform, data, and our Flutter plugins. It is a high-level overview, not an exhaustive technical spec.
Minimum data, maximum protection.
We follow a principle of least privilege: store only what we need, restrict access by role, and log access to sensitive resources. Security is considered from the design phase of every feature.
Cloud & network security.
Ngabantu is hosted on reputable cloud providers with hardened OS images, automatic security updates where available, and restricted administrative access. Production networks are isolated from development environments.
In transit & at rest.
All external connections use TLS (HTTPS). Sensitive data such as license tokens, API keys, and secrets are encrypted at rest or stored in dedicated secrets managers provided by our cloud vendors.
Authentication, authorisation, and audits.
The Ngabantu platform uses modern authentication flows, support for multi-factor authentication, and role-based access control. Administrative actions and security-sensitive events are logged for audit purposes.
Background tracking with guardrails.
Our Flutter plugins are written with explicit permission prompts, background service indicators where required by the OS, and configurable sampling policies to balance accuracy with battery usage and privacy expectations.
We prepare for the worst day.
Core data stores are backed up regularly with tested restore procedures. Where supported, we use redundant zones or regions to minimise downtime.
If something goes wrong, we act fast.
In the event of a security incident, we investigate, contain, and remediate as quickly as possible, and notify affected customers in line with contractual and legal obligations.
If you believe you have found a vulnerability in Ngabantu or any of our plugins, please contact security@ngabantu.com. Please avoid publicly disclosing issues until we have worked with you on a fix.