Security

Placeholder. This page will be expanded with concrete controls and audit evidence before public launch.

Identity

• Passkey (WebAuthn) authentication as the primary credential, with no SMS OTP, ever (SIM-swap is a real threat in Nigeria).
• Identity binding at onboarding via NIMC verification partners + NIBSS iGree BVN consent.
• Account recovery is email magic-link with a step-up biometric prompt; a successful recovery forces passkey re-enrolment.

Documents

• Encrypted at rest via AWS KMS, with per-tenant CMKs for tier-1 senders.
• Object Lock in compliance mode on the documents bucket: immutable retention for the statutory floor, including against root.
• GuardDuty Malware Protection on every upload; tagged objects are quarantined by bucket policy.
• Signed-URL downloads through CloudFront with 5-minute TTL.

Audit trail

Every state-changing event lands in an append-only log. Per-hour Merkle roots are anchored to S3 Object Lock and OpenTimestamps (Bitcoin-anchored), turning a tamper-evident log into a tamper-proof one.

Disclosure

Reporting a vulnerability: security@keepable.co. Please include a clear write-up and proof-of-concept; we acknowledge within two business days and coordinate disclosure timelines transparently.