Skip to main content
Xabira
Security

Your data is safe with us

Property management involves sensitive financial and identity data. We take that responsibility seriously — here's exactly what we do to protect it.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Passwords are stored as bcrypt hashes — we never store plaintext credentials.

Access Controls

Role-based access control ensures that landlords only see their own data and tenants only see their own records. Internal Xabira staff access is logged and audited.

NIN Data Handling

National Identification Numbers are processed solely for tenant verification with explicit consent. We transmit NINs to Uganda's NIRA API over encrypted channels and do not store the raw NIN beyond verification.

Mobile Money Security

We integrate with MTN Mobile Money and Airtel Money via their official APIs. We never handle or store Mobile Money PINs or credentials. Transaction processing is end-to-end with the telecom providers.

Infrastructure

Xabira runs on enterprise-grade cloud infrastructure with automatic failover, daily encrypted backups, and a 99.9% uptime SLA. Infrastructure is isolated per environment (production, staging, development).

Incident Response

We maintain a documented incident response plan. In the event of a data breach, we will notify affected users and the Uganda Personal Data Protection Office within 72 hours as required by the PDPA.

Compliance

Uganda PDPA 2019

We comply with Uganda's Data Protection and Privacy Act, including lawful basis requirements, data subject rights, and breach notification obligations.

NIRA Integration Standards

Our NIN verification integration follows the technical and legal requirements set by the National Identification and Registration Authority.

Mobile Money Regulations

We comply with Bank of Uganda's guidelines for mobile payment integrations and do not store sensitive payment credentials.

Responsible Disclosure

We welcome security researchers. If you discover a vulnerability, please report it responsibly to [email protected].

Questions about security?

Our security team is happy to answer questions from enterprise customers, auditors, or researchers.

[email protected]