Security.

Last reviewed: May 2026

CediHub holds deposits-data on behalf of regulated institutions. We treat security as core engineering work, not a checklist exercise. This page summarises our posture; institutional customers receive a longer questionnaire response on request.

Report a vulnerability

If you believe you have found a security issue, email security@cedihub.com. We respond within one business day. Please give us 90 days before public disclosure.

Encryption

At rest: tenant secrets encrypted with AES-256-GCM using per-deployment master keys. PostgreSQL data volume encrypted at the filesystem level.
In transit: TLS 1.2+ everywhere; HSTS enforced on all public origins; HTTP redirects to HTTPS.
Backups: daily encrypted with age, stored off-site within Ghana, retained 30 days.

Authentication & authorisation

Operator sessions are short-lived JWTs (access token + refresh token), revocable via a Redis-backed blacklist.
Per-action role-based access control (RBAC); the access matrix is the same in code and in the audit log.
Multi-factor authentication required for any privileged role.
Field-officer and customer USSD/PIN flows are rate-limited and locked-out on repeated failure.

Audit & observability

Append-only audit log captures every read, write, approval and configuration change with actor, timestamp, IP and request ID.
Structured request logs with a correlation ID across services.
Liveness (/healthz) and readiness (/readyz) probes; Prometheus-style metrics endpoint behind auth.

Infrastructure

Hardened Debian / Alpine hosts behind nginx, kept patched on a weekly cadence.
Containers run as a non-root user, with read-only filesystems where practical.
PostgreSQL 15 with point-in-time recovery; Redis 7 with AUTH required for cluster-safe token revocation.
No public ingress to the database; all access mediated by the application tier.

Development practices

Two-person review on every change touching auth, money movement, or KYC.
Static analysis (ESLint), dependency audit (npm audit --audit-level=critical) and a comprehensive test suite gate every merge.
Secrets are never committed; environment-loaded via .env with required-variable assertions at boot.

Sub-processors

CediHub uses a small, vetted set of sub-processors for telco settlement (MTN, Vodafone, AirtelTigo), identity (NIA / Ghana Card), email, SMS and cloud infrastructure. The current list is shared with contracting institutions and updated as needed.

Incident response

Material incidents affecting Customer data are notified to affected institutions within 24 hours of detection, with a written root-cause analysis within seven days.

Contact

CediHub · Accra, Ghana
security@cedihub.com