Security at Connex
We take the protection of your data seriously. Here's how we keep your information safe and your privacy intact.
Built with security from day one
Security isn't an afterthought at Connex. It's embedded in every layer of our platform.
Encryption in Transit & at Rest
All communication between your device and our servers is encrypted using TLS 1.2+. Data stored on our servers is encrypted at rest using AES-256, the same standard used by financial institutions worldwide.
Authentication Security
Passwords are never stored in plain text. We use industry-standard hashing algorithms (bcrypt) to protect your credentials. Session tokens are securely generated, rotated regularly, and expire after periods of inactivity.
POPIA Compliance
We comply fully with the Protection of Personal Information Act (POPIA). We collect only the data necessary to provide our services, process it lawfully, and give you full control over your personal information, including the right to access, correct, and delete it.
Rate Limiting & Abuse Prevention
Our platform employs rate limiting on all sensitive endpoints to prevent brute-force attacks. Automated abuse detection systems monitor for suspicious activity, and accounts exhibiting malicious behaviour are flagged and restricted.
Input Validation
Every piece of data submitted to our servers is validated and sanitised before processing. We use strict schema validation to prevent injection attacks, malformed data, and other common web vulnerabilities.
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance, automated backups, network isolation, and continuous monitoring. We use security headers, CORS policies, and strict access controls across all services.
Found a vulnerability?
We value the security community and welcome responsible disclosure of security vulnerabilities.
If you believe you've found a security vulnerability in Connex, we encourage you to report it to us responsibly. Please do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it.
How to report: Send a detailed description of the vulnerability to security@connexsa.co.za. Include steps to reproduce the issue, the potential impact, and any proof-of-concept code if applicable.
What to expect: We will acknowledge receipt within 48 hours and provide regular updates on our investigation. We will not pursue legal action against researchers who follow responsible disclosure guidelines.
Scope: The Connex mobile application, the connexsa.co.za website, and any API endpoints operated by Connex Digital (Pty) Ltd.
Your security matters
Have questions about how we protect your data? Reach out to our team.