SECURITY

Enterprise-Grade Security, Built In

Security and compliance are not add-on features. They are foundational to every layer of the ShumelaHire platform.

Data Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys managed through AWS KMS with automatic rotation.

Access Control

Role-based access controls with granular permissions. Every action is authenticated, authorised, and logged.

POPIA Compliance

Purpose-built for South African privacy law. Consent management, data minimisation, and configurable retention policies.

Audit Logging

Comprehensive, immutable audit trail for every action. Who did what, when, and from where — always available.

Data Residency

All data processed and stored within South African AWS infrastructure (af-south-1). No cross-border data transfers without explicit consent.

Infrastructure Security

Hosted on AWS with VPC isolation, security groups, and automated vulnerability scanning. SOC 2 aligned practices.

ARCHITECTURE

Security Architecture

Authentication & Identity

ShumelaHire uses AWS Cognito for identity management with support for multi-factor authentication, password policies, and session management. Enterprise plans support SAML-based single sign-on integration.

Data Protection

All personally identifiable information is encrypted at rest using AES-256 encryption. Database backups are encrypted and stored within the same AWS region. Data retention policies are configurable per organisation to meet POPIA requirements.

Network Security

The platform operates within isolated Virtual Private Clouds with strict security group rules. All traffic is routed through AWS Application Load Balancers with WAF protection. API endpoints are rate-limited and monitored for anomalous activity.

COMPLIANCE

Regulatory Alignment

POPIA

Full alignment with the Protection of Personal Information Act, including data subject rights, consent management, and breach notification procedures.

King IV

Governance controls and audit trails aligned with King IV principles for information technology governance.

ISO 27001

Security practices aligned with ISO 27001 information security management standards. Formal certification in progress.

Security Questions

Our engineering team is available to discuss ShumelaHire's security architecture in detail.

Security Architecture