An app people trust with an SOS button
has to earn it everywhere else.
Security at Connex isn't a checklist we added at the end — it shapes how accounts, messages and data are handled from the first line of code.
Encryption in transit & at rest
All traffic between your phone and our servers runs over TLS. Stored data — messages, media, account records — is encrypted at rest on our infrastructure.
Credentials done right
Passwords are hashed with bcrypt and never stored or logged in plain text. Sessions expire automatically after 30 days and can't be revived once they do.
POPIA rights, in practice
You can request access to, correction of, or deletion of your personal information at any time. The process is described in the privacy policy, not buried in it.
Abuse & rate limiting
Server-side rate limits and abuse detection protect sign-in, messaging and the SOS system from spam, flooding and automated misuse.
Every request validated
Every function that touches your data verifies your session first and validates its inputs server-side. Nothing trusts the client by default.
Managed infrastructure
Connex runs on managed cloud infrastructure with transactional data handling, audit trails and automatic failover — no hand-rolled servers in a cupboard.
Found a vulnerability?
Tell us before you tell anyone else, and give us a reasonable window to fix it. Report what you found, how to reproduce it, and what you think the impact is. We respond to every report and credit researchers who help keep users safe — and we won't pursue anyone who reports in good faith.
Read the fine print
The privacy policy and terms are written in plain language — short sentences, real answers.