Security

An app people trust with an SOS button
has to earn it everywhere else.

Security at Connex isn't a checklist we added at the end — it shapes how accounts, messages and data are handled from the first line of code.

Encryption in transit & at rest

All traffic between your phone and our servers runs over TLS. Stored data — messages, media, account records — is encrypted at rest on our infrastructure.

Credentials done right

Passwords are hashed with bcrypt and never stored or logged in plain text. Sessions expire automatically after 30 days and can't be revived once they do.

POPIA rights, in practice

You can request access to, correction of, or deletion of your personal information at any time. The process is described in the privacy policy, not buried in it.

Abuse & rate limiting

Server-side rate limits and abuse detection protect sign-in, messaging and the SOS system from spam, flooding and automated misuse.

Every request validated

Every function that touches your data verifies your session first and validates its inputs server-side. Nothing trusts the client by default.

Managed infrastructure

Connex runs on managed cloud infrastructure with transactional data handling, audit trails and automatic failover — no hand-rolled servers in a cupboard.

Responsible disclosure

Found a vulnerability?

Tell us before you tell anyone else, and give us a reasonable window to fix it. Report what you found, how to reproduce it, and what you think the impact is. We respond to every report and credit researchers who help keep users safe — and we won't pursue anyone who reports in good faith.

Read the fine print

The privacy policy and terms are written in plain language — short sentences, real answers.