Security

Last updated: February 18, 2026

OUR COMMITMENT TO SECURITY

At InMover, we take the security of your personal information and data seriously. As a moving services platform operating in Kenya, we handle sensitive information including your addresses, contact details, and payment information. We implement industry-standard security measures to protect your data from unauthorized access, use, alteration, or disclosure. This page explains the security measures we have in place to keep your information safe.

COMPLIANCE

InMover is committed to maintaining the highest standards of security and data protection. We comply with and follow the requirements of:

  • PCI DSS: We work with payment processors that are PCI-DSS compliant to ensure secure handling of payment card information
  • ISO 27001 Principles: We follow ISO 27001 information security management best practices in our operations
  • Kenya's Data Protection Act, 2019: We are registered with and comply with all requirements of the Office of the Data Protection Commissioner (ODPC)
  • Industry Best Practices: We continuously work to align our security practices with international standards and industry best practices

VULNERABILITY DISCLOSURE

It is InMover's goal to offer the best and most secure products and services. We value the work of security researchers who spend time and effort helping us make our platform and apps more secure.

If you have discovered a security vulnerability, please report it to us responsibly. We ask that you:

  • Report vulnerabilities to security@inmover.co.ke as soon as possible
  • Provide detailed information about the vulnerability, including steps to reproduce it
  • Allow us reasonable time to address the issue before public disclosure
  • Act in good faith and avoid accessing or modifying data that does not belong to you

We will acknowledge receipt of your report within 48 hours and work with you to resolve the issue. We appreciate responsible disclosure and will not take legal action against security researchers who follow these guidelines.

For more information, please see our Vulnerability Reporting Policy or contact us at security@inmover.co.ke.

SUPPLIER INFORMATION SECURITY

Information security requirements apply to any third party who has access to InMover data, including movers, payment processors, cloud service providers, and other vendors.

All suppliers and service providers who handle InMover data must:

  • Comply with Data Protection Laws: Meet all requirements under Kenya's Data Protection Act, 2019
  • Implement Security Measures: Maintain appropriate technical and organizational security measures to protect data
  • Limit Data Access: Only access data necessary to perform their services
  • Report Security Incidents: Immediately notify InMover of any security breaches or incidents
  • Background Checks: Movers and service providers undergo appropriate vetting and background checks
  • Training: Receive security and data protection training

Movers: As independent contractors providing moving services through our platform, movers are required to:

  • Protect customer information (names, addresses, contact details) shared for service delivery
  • Use secure communication channels when discussing customer details
  • Not share or misuse customer data for any purpose other than providing moving services
  • Report any security concerns or data breaches immediately

We regularly assess our suppliers' security practices and require them to maintain appropriate security standards. Requirements can be found in our Supplier Information Security Requirements document. For inquiries, contact security@inmover.co.ke.

DATA ENCRYPTION

We use encryption to protect your data both in transit and at rest:

  • HTTPS/SSL/TLS: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS encryption. You can verify this by looking for the padlock icon in your browser's address bar.
  • Database Encryption: Sensitive data stored in our databases is encrypted at rest
  • Payment Information: All payment transactions are encrypted and processed through secure, PCI-DSS compliant payment processors (M-Pesa, Pesapal)
  • Password Security: Your passwords are hashed using secure algorithms (bcrypt) and never stored in plain text

ACCESS CONTROLS

We limit access to your personal information to authorized personnel only:

  • Employee Access: Only employees who need access to perform their job duties can access your data
  • Authentication: All employees use strong authentication methods (multi-factor authentication where possible)
  • Regular Audits: We regularly review and audit who has access to what data
  • Background Checks: All employees undergo background checks before accessing sensitive data
  • Training: Employees receive regular security training on data protection and privacy

SECURE INFRASTRUCTURE

Our technical infrastructure is designed with security in mind:

  • Secure Servers: Our servers are hosted on secure, reputable cloud platforms with built-in security features
  • Firewalls: Network firewalls protect our servers from unauthorized access
  • Intrusion Detection: We monitor for suspicious activity and potential security threats
  • Regular Updates: We keep all software and systems up-to-date with the latest security patches
  • Backup Systems: Regular encrypted backups ensure your data is safe even in case of system failures
  • DDoS Protection: Protection against distributed denial-of-service attacks

PAYMENT SECURITY

Your payment information is handled with the highest level of security:

  • PCI-DSS Compliance: We work with payment processors that are PCI-DSS compliant
  • No Storage: We do not store your full credit card numbers or payment card details on our servers
  • Secure Processing: All payments are processed through secure, encrypted connections
  • M-Pesa Integration: M-Pesa transactions are processed securely through Safaricom's secure infrastructure
  • Pesapal Integration: Pesapal provides secure payment processing with industry-standard encryption

ACCOUNT SECURITY

We provide tools and features to help you keep your account secure:

  • Strong Password Requirements: We require passwords that meet security standards (minimum length, complexity)
  • Password Hashing: Your passwords are hashed using secure algorithms and never stored in plain text
  • Session Management: Automatic logout after periods of inactivity
  • Login Notifications: We can notify you of new logins to your account
  • Account Recovery: Secure account recovery processes to help you regain access if needed

Your Responsibility: You play an important role in keeping your account secure. Please:

  • Use a strong, unique password
  • Don't share your password with anyone
  • Log out when using shared devices
  • Report any suspicious activity immediately

MOBILE APP SECURITY

Our mobile applications include additional security measures:

  • App Store Verification: Our apps are only available through official app stores (Google Play, Apple App Store)
  • Certificate Pinning: Prevents man-in-the-middle attacks by verifying server certificates
  • Secure Storage: Sensitive data stored on your device is encrypted
  • Biometric Authentication: Support for fingerprint and face recognition where available
  • Regular Updates: We regularly update our apps to fix security vulnerabilities

INCIDENT RESPONSE

In the event of a security incident or data breach:

  • Immediate Response: We have an incident response team ready to respond to security threats
  • Investigation: We investigate all security incidents thoroughly
  • Notification: We will notify affected users and the Office of the Data Protection Commissioner (ODPC) as required by Kenya's Data Protection Act, 2019
  • Remediation: We take immediate steps to fix any security issues and prevent future incidents
  • Transparency: We provide clear information about what happened and what we're doing about it

THIRD-PARTY SECURITY

We work with trusted third-party service providers who also maintain high security standards:

  • Cloud Providers: We use reputable cloud service providers with strong security certifications
  • Payment Processors: All payment processors are PCI-DSS compliant
  • Vendor Assessments: We assess the security practices of our vendors before working with them
  • Contracts: We have contracts requiring vendors to maintain appropriate security measures

SECURITY BEST PRACTICES FOR USERS

Here are some steps you can take to help keep your information secure:

  • Use Strong Passwords: Create unique, complex passwords for your InMover account
  • Keep Software Updated: Keep your browser, operating system, and apps updated
  • Be Cautious Online: Don't click on suspicious links or download files from unknown sources
  • Use Secure Networks: Avoid using public Wi-Fi for sensitive transactions
  • Monitor Your Account: Regularly check your account for any unauthorized activity
  • Report Suspicious Activity: Contact us immediately if you notice anything unusual

COMPLIANCE DETAILS

We comply with applicable security and data protection laws, including:

  • Kenya's Data Protection Act, 2019: We comply with all requirements for data security and protection
  • Industry Standards: We follow industry best practices for information security
  • Regular Assessments: We regularly assess and improve our security measures

REPORTING SECURITY ISSUES

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately:

We take all security reports seriously and will investigate them promptly. Please do not publicly disclose security vulnerabilities until we have had a chance to address them.

UPDATES TO THIS SECURITY PAGE

We may update this Security page from time to time to reflect changes in our security practices. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

CONTACT US

If you have questions about our security practices, please contact us: