Trust is engineered,
not asserted.
Asiri is the system of record for NDPA 2023 compliance. We hold ourselves to the same evidentiary bar we ship to approved tenants — controls in code, audit log on by default, residency in Africa.
Strong cryptography, on by default.
All client and service traffic terminates on TLS 1.3 with HSTS preload. Internal service-to-service traffic is mTLS-authenticated within the VPC.
Every byte of customer data is encrypted at rest with AES-256-GCM. Disk volumes, database snapshots, and object storage are KMS-wrapped.
Enterprise tenants can attach their own AWS KMS CMK for tenant-scoped envelope encryption — revocable on demand.
Your data stays in Africa.
The Asiri control plane and tenant databases run in AWS Cape Town (af-south-1). No PII leaves the region by default.
When AI Copilot calls a foundation model, the prompt is tokenised first — sensitive identifiers never reach the model. Inference runs in af-south-1 / eu-west-1 with zero-retention configured.
Enterprise tier unlocks Lagos Local Zone, MainOne, or Rack Centre residency on request.
Least privilege, always.
Postgres RLS isolates every tenant at the database layer. There is no application-only fence — the database itself enforces tenancy.
Granular role-based access control, mandatory MFA for privileged roles, and SCIM 2.0 user provisioning on the Enterprise tier.
Posture you can audit.
- SOC 2 Type I — report in progress, target Q4 2026.
- NDPC-licensed Data Protection Compliance Organisation.
- Annual third-party penetration test with public summary.
- Full audit log on every tenant — exportable, immutable, retained.
- Bug bounty programme via responsible disclosure at security@asiri.ng.
- Sub-processor inventory published and version-controlled.