MY HUMAN RESOURCES MANAGEMENT SYSTEM

KE KE
Bank-Grade Security

Your Payroll Data is Secure.

At Nawiri, protecting your company's sensitive HR and financial data is our highest priority. We utilize enterprise-grade encryption and continuous auditing to ensure 100% compliance.

Cloud Infrastructure

Hosted on world-class, ISO 27001 certified cloud infrastructure with guaranteed 99.9% uptime.

  • Data stored in highly secure, redundant data centers.
  • Continuous automated daily backups.
  • DDoS protection and Web Application Firewalls (WAF).

Data Privacy & KDPA

Strictly compliant with the Kenya Data Protection Act (KDPA) 2019 and global privacy standards.

  • Multi-tenant logical isolation (Companies cannot see each other's data).
  • AES-256 Encryption at rest and TLS 1.3 in transit.
  • We never sell or share your employee data.

Application Security

Our codebase undergoes rigorous, automated security testing before every single update.

  • Weekly Dependency Vulnerability Audits (CVE Scanning).
  • Strict Role-Based Access Control (RBAC).
  • Protection against SQL Injection and Cross-Site Scripting (XSS).

Office of the Data Protection Commissioner (ODPC)

Nawiri is committed to absolute legal compliance. We operate as a registered Data Processor under the laws of Kenya, meaning your employee records, KRA PINs, and salary data are handled with the highest legal standard of care.

Read our Privacy Policy

Frequently Asked Security Questions

You do. You retain 100% ownership of your company and employee data. Nawiri acts solely as a data processor to provide you with HR and Payroll services. You can export your data at any time.

No. Our internal administrative tools are strictly separated from client data. Nawiri engineers and support staff cannot view your payroll data, salaries, or employee files unless you explicitly grant temporary access for a support ticket.

If you choose to cancel your subscription, you will have 30 days to export your payroll history and employee data. After the retention period expires, your data is securely and permanently deleted from our servers in compliance with KDPA right-to-erasure laws.