Budget Ndio Story is committed to protecting your data and privacy. Here is how we keep our platform safe and secure.
All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). This ensures that no third party can intercept or read your communications with Budget Ndio Story. Our SSL/TLS certificates are managed and auto-renewed through trusted certificate authorities.
Sensitive user data stored in our databases is encrypted using AES-256 encryption. Passwords are never stored in plain text — they are hashed using bcrypt with a cost factor of 12. Personally identifiable information (PII) is encrypted at the application layer before being written to the database.
We use JSON Web Tokens (JWT) for stateless authentication. Access tokens have a short expiry (15 minutes) and are rotated frequently using refresh tokens stored securely in localStorage. Refresh tokens are single-use and rotated on each request to prevent replay attacks. All authentication follows the OWASP best practices for session management.
Our platform implements a comprehensive set of security headers to protect against common web vulnerabilities: Content Security Policy (CSP) restricts script and resource origins; HTTP Strict Transport Security (HSTS) enforces HTTPS; X-Content-Type-Options prevents MIME sniffing; X-Frame-Options prevents clickjacking; and Referrer-Policy controls referrer information leakage.
We conduct quarterly security audits and penetration tests on our platform. Our codebase undergoes automated security scanning through GitHub's Dependabot and CodeQL, with weekly dependency vulnerability checks. We also perform manual code reviews for all authentication and payment-related changes.
We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please email us at security@budgetndiostory.org with details. We commit to acknowledging receipt within 48 hours and will work diligently to address verified vulnerabilities. We ask that you refrain from publicly disclosing vulnerabilities until we have had reasonable time to address them.