Ng’ara Data Ltd

Data Security

Our Security Framework

Ng’ara Data protects client data with robust technical and operational controls. Data is stored in Google Cloud Storage under strict IAM policies, encrypted in transit and at rest, with audit logging, role-based access, and formal incident response procedures. For pilot projects we provide a secure file exchange workflow (signed URLs or SFTP over TLS) and execute per-project NDAs and DPA terms.

Physical & Logical Security
Our operations are built around restricted-access environments designed to protect client data at every stage.

  • Secure Facilities: Controlled access with entry logs.
  • Project-Level Isolation: Each project operates in a segmented data environment to prevent cross-contamination.
  • Two-Factor Authentication (2FA): All workstations and systems require user authentication and MFA for every login.

We ensure that only authorized, background-verified personnel can access client data — nothing is left to chance.

Learn More

ISO 27001 Aligned Security protocols

GDPR Compliance Guarantee

End-to-End Data Encryption

Secure Client Access Control

Workforce Integrity & Governance

Our team represents our greatest strength. Each annotator, QA analyst, and engineer undergoes a rigorous vetting and onboarding process.

  • Background Checks: Every team member is verified prior to access.
  • Data Ethics Training: Continuous education in GDPR compliance, data privacy, and cybersecurity awareness.
  • Dedicated Workforce: 100% in-house professionals — no crowdsourcing or third-party marketplaces.

Your data never leaves trusted hands.

Data Security & Encryption

Every dataset we handle — image, text, video, or LiDAR — is protected with industry-leading encryption standards.

  • In-Transit Protection: All data transfers are secured via TLS/SSL encryption.
  • At-Rest Encryption: Stored data is encrypted using AES-256 protocols on Google Cloud Storage.
  • Role-Based Access Control (RBAC): Access privileges are granted strictly on a need-to-know basis.
  • Secure Backups: Encrypted and regularly tested recovery systems to ensure business continuity.

Vulnerability & Risk Management

We actively monitor, assess, and mitigate potential threats through a proactive risk management system.

  • Automated Vulnerability Scanning across our servers and cloud endpoints.
  • External Penetration Testing conducted periodically by certified cybersecurity professionals.
  • Incident Response Protocols aligned with ISO/IEC 27035 standards.
  • Continuous Security Audits integrated with our enterprise management system.

Our focus: anticipate, prevent, and respond — before risks turn into incidents.

Data Privacy & Compliance

Ng’ara Data is fully compliant with major international data protection laws and frameworks:

  • Kenya Data Protection Act (2019)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • UK Data Protection Act (2018)

As a Data Processor, Ng’ara Data only processes client data based on explicit written instructions and under the lawful control of the Data Controller (the client).

We never sell, share, or reuse your datasets for internal model training or any purpose beyond the agreed scope.

Your data is your property — always.

Certifications & Standards

We proudly commit to:

Continuous monitoring, auditing, and process improvement.

Adhering to ISO 27001-aligned information security protocols.

Maintaining a GDPR-compliant data processing structure.

Our policies are reviewed and updated quarterly to ensure continuous compliance and resilience.

Data Handling Principles

We adhere to strict principles for ethical, transparent, and secure data management:

  1. Data Minimization: Collect only what’s necessary.
  2. Purpose Limitation: Process data only for the agreed objectives.
  3. Storage Limitation: Retain data only for the project duration.
  4. Integrity & Confidentiality: Safeguard against unauthorized processing or accidental loss.

Every operation — from ingestion to delivery — is logged, audited, and verified for integrity.

Incident Response & Escalation

In the unlikely event of a data incident:

  • The Ng’ara Data Security Team initiates immediate containment within 2 hours.
  • Impact analysis and notification are completed within 72 hours, per GDPR standards.
  • Clients receive a full report, root-cause analysis, and a corrective action plan.

Our systems are designed to detect, report, and neutralize security threats at speed.

Our Promise

At Ng’ara Data, we believe that trust is earned through transparency and discipline.
From our facilities to our cloud architecture, every safeguard is a reflection of our commitment to excellence.

Your Data. Your Rules. Our Responsibility.

For detailed security documentation or compliance inquiries,

contact: security@ngaradata.com

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None