Qhroma
Qhroma
Qhroma

Security at Qhroma

Last Updated: January 2026

At Qhroma, security isn’t a feature—it’s infrastructure.
We design our systems to protect data, prevent abuse, and keep your business running without drama.

Our Security Philosophy

Security is baked in from day one. We follow a defense-in-depth approach: multiple layers, minimal access, constant monitoring. If something fails, another layer catches it.

No single point of panic.

Data Protection

  • All data in transit is encrypted using HTTPS / SSL

  • Sensitive information is encrypted at rest where applicable

  • Credentials are never stored in plain text

  • Access to production systems is strictly limited

Your data stays locked—by default.

Account & Access Security

  • Secure authentication mechanisms

  • Role-based access control (RBAC)

  • Principle of least privilege applied across systems

  • Session timeouts and activity monitoring

  • Optional multi-factor authentication where supported

Only the right people see the right things.

Infrastructure Security

  • Cloud-hosted on hardened infrastructure

  • Firewalls and network isolation in place

  • Automated updates and patching

  • DDoS mitigation and traffic filtering

  • Continuous uptime and performance monitoring

The boring stuff that actually matters.

Payments & Financial Data

  • Payments are processed by trusted third-party providers

  • Qhroma does not store raw card or wallet details

  • All payment flows comply with industry security standards

Money moves safely—or it doesn’t move at all.

AI & Automation Safety

Some Qhroma services use AI and automation:

  • AI systems operate within strict permission boundaries

  • No autonomous financial or legal actions

  • Training and processing avoid personal data where possible

  • Outputs are monitored and continuously improved

Smart systems, human oversight.

Vulnerability Management

  • Regular security reviews and audits

  • Dependency and package monitoring

  • Rapid patching of known vulnerabilities

  • Internal testing before production releases

We fix things fast and quietly.

Incident Response

If a security incident occurs:

  1. We investigate immediately

  2. Contain and mitigate impact

  3. Notify affected users where required

  4. Apply corrective measures to prevent recurrence

Transparency beats silence. Every time.

User Responsibilities

Security is a shared effort. We recommend users:

  • Use strong, unique passwords

  • Protect login credentials

  • Log out from shared devices

  • Report suspicious activity immediately

Strong systems still need smart users.

Compliance & Best Practices

Qhroma aligns with:

  • Data protection and privacy regulations

  • Secure software development practices

  • Industry-accepted security standards

Compliance is a baseline, not the finish line.

Report a Security Issue

Found a vulnerability or suspicious activity?

📧 security@qhroma.co.ke
📧 hello@qhroma.co.ke

Please include:

  • Description of the issue

  • Steps to reproduce (if applicable)

  • Screenshots or logs if available

Responsible disclosure is always appreciated.

Contact

Qhroma
📍 Juja High Point, Kiambu, Kenya
📞 +254 115 146 212
📧 hello@qhroma.co.ke