Trust & Security

Security is a feature, not an afterthought

We take the protection of your data seriously. This page outlines how Okhantu safeguards SME data and maintains compliance with South African data protection laws.

Verification standards

Documents are hashed, encrypted in transit and at rest, and undergo automated expiry monitoring. When customers share artefacts with buyers or funders, the receiving party can audit the trace via tamper-evident logs.

Incident readiness

The platform uses least-privilege access, mandatory MFA, and automated alerting. If a security incident ever occurs, our playbooks cover customer notification, legal obligations, and post-mortem transparency.

POPIA Alignment

We minimise data collection and assign every row of personal information to an accountable owner. POPIA clauses and operator agreements are embedded into onboarding so SMEs know exactly which datasets are being processed.

Information Officer

Okhantu has appointed Simiso Goodman Mazibuko (CEO) as our Information Officer, registered with the Information Regulator under registration number 2025-065725.

For data subject requests or privacy concerns, contact: privacy@okhantu.co.za

Read our Privacy PolicyView Legal & Compliance Library

Data Protection Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Row-Level Security: Database-enforced isolation ensures you can only access your own company's data
  • Access Control: Role-based permissions with principle of least privilege
  • Audit Logging: All security-relevant actions logged for compliance and forensics
  • Breach Notification: In the unlikely event of a breach, affected parties notified within 72 hours as required by POPIA

Questions or Concerns?

If you have questions about our security practices or want to report a vulnerability, please contact us:

Trust & Security | Okhantu | Okhantu