How we keep your money and data safe.
Njanghi protects group savings with layered security — from encryption and access controls to fraud monitoring and account-level safeguards. Here's how it works.
This page is illustrative template copy for a demonstration site — it is not legal advice and does not describe a live financial product. Figures, registration numbers, and contact details are placeholders.
Our security commitment
When people pool their money, trust is everything. Njanghi is built so that the safety of your contributions and your personal information never depends on a single safeguard — security is layered through our infrastructure, our processes, and the controls available to every member.
This page explains, in plain language, the main ways we protect you. It is illustrative template copy for a demonstration site rather than a description of a live, audited production system.
Encryption
Data is encrypted in transit using modern TLS (1.2 or higher), so information moving between your device and Njanghi cannot be read in flight. Sensitive data at rest is encrypted using strong, industry-standard algorithms such as AES-256.
Secrets and encryption keys are managed separately from the data they protect, with rotation and strict access limits.
Infrastructure & data hosting
Njanghi runs on reputable cloud infrastructure with network isolation, hardened configurations, and continuous patching. Production systems are separated from development and testing environments.
We take regular, encrypted backups so that group records — contributions, payouts, and loan ledgers — can be restored, and we monitor system health around the clock.
Access controls
Staff access follows the principle of least privilege: people can only reach the systems and data strictly necessary for their role, using role-based permissions and individual accounts.
Administrative access requires multi-factor authentication, and sensitive actions are recorded in audit logs that cannot be quietly edited.
Fraud & transaction monitoring
Contributions, payouts, and loan activity are monitored for patterns that may indicate fraud or abuse. Unusual activity can trigger additional checks or a temporary hold while we confirm a transaction is genuine — protecting both individual members and the group's shared fund.
Account security
You can protect your account with a strong PIN or password and two-factor authentication (2FA). We support device and session management so you can see where your account is signed in and sign out remotely.
We will never ask you for your PIN, password, or one-time PIN (OTP) — by phone, email, SMS, or chat. Anyone who does is attempting to defraud you.
Responsible disclosure
We welcome reports from security researchers. If you believe you've found a vulnerability, please email security@njanghi.co.za with enough detail to reproduce the issue, and give us reasonable time to investigate and fix it before any public disclosure.
We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, and do not access or modify data beyond what is necessary to demonstrate the issue.
Compliance & standards
Our practices are designed to align with South Africa's Protection of Personal Information Act (POPIA), applicable anti-money-laundering and FICA obligations, and widely recognised industry security standards. As Njanghi grows, we expect to pursue formal independent assessments of our controls.
What you can do
- Use a unique, strong PIN or password and turn on two-factor authentication.
- Never share your PIN, password, or OTP — not even with a group admin or Njanghi staff.
- Be wary of messages that create urgency or ask you to "verify" your account; check the sender is an official @njanghi.co.za address.
- Keep your phone's operating system and the Njanghi app up to date.
- If something looks wrong, report it immediately via the Contact page or security@njanghi.co.za.