We take data security seriously. KompliTax handles sensitive financial information and we've built security into every layer of the platform.
Encryption
All data is encrypted in transit using TLS/SSL (the same standard used by online banking). Data is also encrypted at rest in our database, so even if our servers were accessed without authorization, your data would be unreadable without the encryption keys.
Access Control
We use Row Level Security (RLS) — a database-level security feature that ensures each user can only access their own data. No other user, and no KompliTax employee, can see your transactions or invoices. This is enforced at the database layer, not just the application layer.
What We Do NOT Store
- Your M-Pesa PIN
- Your iTax password or KRA credentials
- Your bank account passwords or PINs
When you paste an M-Pesa SMS, we extract only the transaction details (amount, sender/receiver, date, M-Pesa code). The SMS text itself is processed and discarded — not stored.
Data Sharing
We do not sell, share, or give your financial data to any third party. KompliTax generates invoices that you submit to KRA — we don't have a direct connection to KRA's systems and don't automatically file anything on your behalf.
Data Location
Your data is stored on Supabase servers in the EU (Ireland). This complies with Kenya's Data Protection Act 2019 requirements for cross-border data transfers — the EU has adequate data protection laws recognized under the Kenyan DPA framework.
Your Rights
Under Kenya's Data Protection Act 2019, you have the right to:
- Access a copy of all data we hold about you
- Request correction of any inaccurate data
- Request deletion of your account and all associated data
- Export all your data in a portable format
You can exercise these rights from Settings → Data & Privacy in your dashboard, or by emailing hello@komplitax.co.ke.
Legal Compliance
KompliTax complies with Kenya's Data Protection Act 2019 (DPA). We are not a KRA-authorized partner and do not represent KRA in any capacity.