Data Retention and Deletion: Offline and Temporary Data

Our applications may temporarily store operational data such attendance, surveys, e.t.c on your device while the device is offline or awaiting synchronization with our servers allowing you to also work offline. This offline data is automatically deleted from the device once synchronization is successfully completed. In cases where synchronization fails due to connectivity or technical issues, our support or system administrators may remotely trigger a synchronization request on behalf of the user to securely upload and remove the pending offline data from the device.

Data Retention and Deletion:Persistent User Data

User-related application data required for continued access and functionality remains stored only while the user is logged into the application. When a user logs out, all locally stored persistent data associated with the account is automatically deleted from the device. If a user is unable to access a previous device, logging into the application on a new device will automatically invalidate sessions and remove application data from all other previously connected devices. Users may also request remote deletion of their application data by contacting our support team. Upon verification, we can remotely remove account-related data from connected devices where technically applicable.

Data Ownership

Our applications may temporarily store operational or survey-related data on your device while the device is offline or awaiting synchronization with our servers. This offline data is automatically deleted from the device once synchronization is successfully completed. In cases where synchronization fails due to connectivity or technical issues, our support or system administrators may remotely trigger a synchronization request on behalf of the user to securely upload and remove the pending offline data from the device.

Data Access

The Ukall team does not have default access to our customers data. Instead, we are granted access, by the customer, only when necessary. Such access in most cases is to allow troubleshooting a specific issue or to support in analyzing the specific customer data. Such access is revoked as soon as it is no longer needed.

Data Storage and Encryption

All the data collected using our apps is stored on a secure cloud server (Microsoft Azure). This data is encrypted using advanced encryption technologies and algorithms and can only be decrypted within the Azure Platform. Data is encrypted both At Rest (in physical storage) and In Transit (when being accessed).

Secure Data Access

We’ve set up modern secure internet protocols to protect your session every time you send and or receive data from the Akida platform. Data being transported is encrypted and sent through a secure network to prevent unauthorized access to the data every time you use our web portal and or the mobile application. Our connections are encrypted and are only accessed using the latest version of TLS (Transport Layer Security) which ensures advanced encryption and user session protection.

Firewalls

We’ve also set up firewall policies that we use to monitor and control incoming and outgoing network traffic based on security rules we’ve put in place, only allowing access to trusted networks and blocking any untrusted networks. Using the latest version of application firewalls and server firewalls, both the platform and data are protected against real time attacks (OWASP top 10 vulnerabilities). The technology we’ve used include Azure Front Door that protects the application layer and Server Firewall that protects the database.

Identity and Access Management (IAM)

We’ve also set up authentication and authorization policies to prevent unauthorized access to your data. We’ve used modern methods to verify and authorize users before accessing the platform by means of Multi-Factor Authentication (MFA) for proof of user identity, strong password based authentication for user validation and Token-based authentication mainly for client based authentication e.g. every time users access the mobile application. We also have advanced Role-Based Access Control (RBAC) mechanisms in place that control user permissions and access that can be managed by administrators. All these help in limiting data to authorized personnel only.

Audit Logs

We have also set up audit logs to keep track of any activity across the system which are available for administrators and service providers (Ukall Limited) to keep track of system activity. We have two levels of logs : System Logs and User Logs. The System Logs are monitored and accessed by us (the service providers) to keep track of any activity in the platform that is not related to application usage. The User Logs keep track of user activity in the system and can be viewed and analysed by the user administrator

Data Backup

We regularly carry out data backups and store them in secure environments. In case of system failure, these backups can be accessed and restored at the request of the users or if deemed necessary by the system administrators. These backups are done weekly and are encrypted to further protect them from unauthorized access.

Password Creation & Protection Guidelines

To access all Akida resources, users must adhere to security policies we’ve set for them. One such policy is passwords. Passwords are a key part of our strategy to make sure only authorized people can access those resources and data. We use passwords to protect against unauthorized access to your data thus it’s important that we follow strong security password policies for your protection. We’ve set up advanced secure mechanisms to protect your account information including passwords but it’s also the customer’s responsibility as well to further protect it. All users that access the web portal and mobile application are responsible for choosing strong passwords for themselves and their users and protecting their log-in information from unauthorized people.

Password Creation & Protection Guidelines include:

1. All passwords should be reasonably complex and difficult for unauthorized people to guess. Users should choose passwords that are at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and punctuation marks and other special characters; these requirements will be enforced with software when possible.


2. Akida users must avoid basic combinations that are easy to crack when choosing passwords. For instance, choices like “password,” “password1” and “Pa$$w0rd” are equally bad from a security perspective.


3. A password should be unique, with meaning only to the user who chooses it. That means dictionary words, common phrases and even names should be avoided. One recommended method to choosing a strong password that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalization. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”


4. Users must choose unique passwords for all of their Akida accounts and may not use a password that they are already using for a personal account.


5. All passwords must be changed regularly, with the frequency varying based on the sensitivity of the account in question. This requirement will be enforced using software when possible. If the security of a password is in doubt– for example, if it appears that an unauthorized person has logged in to the account — the password must be changed immediately.


6. Default passwords, such as those assigned to new users when they’re set up, must be changed as quickly as possible.


7. All users should never share their passwords with any outside parties, including those claiming to be representatives of a business partner with a legitimate need to access Akida.


8. All users should take steps to avoid phishing scams and other attempts by hackers to steal passwords and other sensitive information. We’re available to offer training on how to recognize these attacks.


9. All users must refrain from writing passwords down and keeping them at convenient physical locations.

Our dedicated support team is always available to guide further. You can reach us at support@ukall.co.ke. At Ukall Limited we value your security.