Trust & Safety
Your financial data deserves bank-grade protection. Here's exactly how we keep it safe.
Security is not an afterthought at GroWealth — it is built into every layer of the platform, from authentication to data storage to payment processing.
All data stored on GroWealth servers is encrypted at rest using AES-256. All communication between your browser/app and our servers uses TLS 1.2+. Financial data fields receive an additional layer of application-level encryption.
GroWealth uses short-lived JSON Web Tokens (JWT) with secure refresh rotation. Tokens are never stored in localStorage — session credentials are held in memory and HttpOnly cookies to prevent XSS-based theft.
Each business profile, investment club, and SACCO on GroWealth is fully isolated at the database level. Users can only access entities they are explicitly members or owners of. Cross-tenant data leakage is prevented by design.
All endpoints enforce role-based permissions. Business ADMIN roles and STAFF roles have different data access levels. SACCO and club access is validated per-request against current membership status.
All financial transactions, journal entries, and administrative actions are logged with timestamps and user attribution. Audit logs are immutable and available to account administrators.
GroWealth does not store card numbers or sensitive payment credentials. All payments are processed through Flutterwave, a PCI-DSS compliant payment processor. We store only transaction references and confirmation IDs.
If you discover a security vulnerability in GroWealth, please report it responsibly to our support email before public disclosure. We commit to acknowledging reports within 48 hours and resolving critical issues within 7 days.
We conduct periodic internal security reviews including dependency audits, penetration testing, and code reviews. Critical security patches are deployed immediately; non-critical patches are batched in monthly releases.
We take all security reports seriously. Please disclose responsibly and give us the chance to fix issues before going public. We appreciate the security community's help in keeping GroWealth safe.
Contact Support