kasri.app
Book a demo
Built compliance-first

Security & compliance

When the auditor walks in, you
walk out in an hour.

We spent the first year of Kasri on compliance scaffolding — multi-tenant RLS, dual-signatory enforcement, immutable audit logs, GDPRGDPR (General Data Protection Regulation)The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it. DSRs, step-up MFAMFA (multi-factor authentication)A second check beyond your password — e.g. a code from your phone — before high-risk actions like signing off a payment. — before shipping a single end-user feature. Here's exactly what's inside.

Built compliance-first

Bank-grade trust. From line one of the schema.

We spent a year on the compliance scaffolding before shipping a single feature — because RERA RERA (Real Estate Regulatory Authority) Tanzania's real estate regulator — funded in the 2025/26 budget to require audit-grade records and structured reporting from developments and body corporates. is coming, and your records have to survive an audit.

22 roles · 50+ permissions

Permission-gated everywhere — from chairman to vendor plumber. Row-Level Security at the database layer.

Step-up MFA

Every critical action — payments, role changes, audit export — requires a fresh TOTP TOTP (time-based one-time password) A short-lived code from an authenticator app — Kasri asks for a fresh one before payments, role changes, and audit exports. challenge.

Dual-signatory treasury

Chairman + treasurer must both sign. The same user cannot countersign their own request.

Immutable audit log

HMAC-SHA256HMAC-SHA256 (hash-based message authentication code)A tamper-evident fingerprint on each audit log row — change the record and the checksum no longer matches. row checksums. Monthly partitioning. Append-only at the database level.

GDPR GDPR (General Data Protection Regulation) The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it. · Art. 15–21

Consent records, data subject requests, automated anonymisation. Tanzania's data regime is GDPR GDPR (General Data Protection Regulation) The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it. -aligned.

TIPS-native payments

Routed through the Bank of Tanzania's Instant Payment System. One API, every wallet.

Unit Titles Act 2008-compliant Electronic Transactions Act-recognised RERA RERA (Real Estate Regulatory Authority) Tanzania's real estate regulator — funded in the 2025/26 budget to require audit-grade records and structured reporting from developments and body corporates. -readiness path SOC 2 controls in build

In detail

Six pillars, in the order they would matter to a regulator.

RBAC — 22 roles, 50+ permissions

  • Every action is permission-gated at three layers: navigation, API, and database (RLS).
  • Permissions grouped by module (governance, finance, units, facilities, utilities, bylaws, users, reports, audit, documents).
  • Individual users can have permission overrides — grant or deny — on top of role defaults.
  • Role catalogue includes chairman, vice chair, treasurer, secretary, committee, facility manager, property manager, accountant, office staff, unit owner, owner-occupier, tenant, developer admin, developer staff, six vendor specialties, external auditor, and regulator (view-only).

Dual-signatory treasury

  • Outgoing payments require two distinct signatories — typically chairman + treasurer.
  • The same user cannot countersign their own request — enforced at the API layer.
  • Both signatures require fresh step-up MFAMFA (multi-factor authentication)A second check beyond your password — e.g. a code from your phone — before high-risk actions like signing off a payment. (AAL2AAL2 (Authenticator Assurance Level 2)A NIST-style assurance tier meaning the session has recently passed multi-factor authentication — not just a password. Kasri requires AAL2 before dual signatures, payouts, and other high-risk actions.).
  • Every signature is timestamped, IP-logged, and recorded immutably to the audit log.

Step-up MFAMFA (multi-factor authentication)A second check beyond your password — e.g. a code from your phone — before high-risk actions like signing off a payment.

  • TOTPTOTP (time-based one-time password)A short-lived code from an authenticator app — Kasri asks for a fresh one before payments, role changes, and audit exports. enrollment supported via standard authenticator apps.
  • High-risk actions require a fresh challenge — not just an authenticated session.
  • Recency window enforced server-side; stale challenges rejected.
  • Suspending a user, changing roles, exporting audit logs, and approving payments all gated.

Immutable audit log

  • Every successful mutating API call records: actor, role, IP, user-agent, action, resource, before/after snapshot.
  • HMAC-SHA256HMAC-SHA256 (hash-based message authentication code)A tamper-evident fingerprint on each audit log row — change the record and the checksum no longer matches. row checksum for tamper detection.
  • Table is append-only — UPDATE and DELETE blocked by RLS policy.
  • Partitioned by month; next partition auto-created on the 25th of every month via pg_cron.
  • Each row classified — public / internal / confidential / restricted / highly_restricted — and tagged with compliance frameworks (SOC 2, GDPRGDPR (General Data Protection Regulation)The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it.).

GDPRGDPR (General Data Protection Regulation)The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it. Article 15–21

  • Every user must accept consent at registration (Art. 6, 13/14); stored with version, IP, user-agent.
  • Data subject requests supported: access, rectification, erasure, portability, restriction, objection.
  • 30-day fulfilment SLA tracked per request, automatically counted from received timestamp.
  • Grace-period anonymisation processed nightly via pg_cron for erasure requests.
  • Tanzania's data protection regime is GDPRGDPR (General Data Protection Regulation)The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it.-aligned — the architecture serves both.

RERARERA (Real Estate Regulatory Authority)Tanzania's real estate regulator — funded in the 2025/26 budget to require audit-grade records and structured reporting from developments and body corporates.-readiness

  • Structured audit trail and compliance reports map directly to expected RERARERA (Real Estate Regulatory Authority)Tanzania's real estate regulator — funded in the 2025/26 budget to require audit-grade records and structured reporting from developments and body corporates. reporting categories.
  • AML controls: dual-sig payments, identity verification, suspicious-activity flagging on the roadmap.
  • Export-ready CSVCSV (comma-separated values)A spreadsheet-friendly file — one row per unit or owner — used to import or export registers and ledgers in bulk. / PDF compliance bundles available on demand.
  • Architecture designed so new compliance rules drop in as new permission codes — not as new products.

Request flow

Three layers of defence. One audit log at the bottom.

Sensitive actions are checked before anyone sees them, checked again before they run, and enforced where your records live. If one layer fails, the others still block it — and every outcome is logged for the committee and your auditor.

Outgoing payment · dual sign-off
  1. 01 · What you see

    Role-based screens — owners, tenants, treasurers, and vendors each get only what their role allows.

  2. 02 · What can run

    Payments, votes, and exports require the right authority. High-risk actions ask for a second confirmation.

  3. 03 · Where data lives

    Each association is walled off. Another building's records cannot be reached from yours — by design, not by policy alone.

  4. 04 · What the auditor gets

    An append-only trail — who acted, when, on what — sealed so tampering shows up immediately.

Operational foundations

Built for committees and auditors, not for engineers.

Kasri is designed around controls your committee already understands — who can sign, what gets logged, how tenants stay separate — rather than a shopping list of frameworks and vendors.

Tenant isolation
Each body corporate's records are walled off — another building cannot see yours.
Payment controls
Outgoing money needs two distinct signatories and a fresh identity check.
Audit trail
Append-only log with tamper detection — who acted, when, on what.
Data rights
Consent at registration; access, export, and erasure requests tracked to SLA.
Role clarity
22 roles from chairman to tenant — each screen and action permission-gated.
Where it runs
Hosted in a region close to Tanzania — low latency for Dar es Salaam and the coast.

Data residency

Where your data lives.

Your association's data is stored in a region geographically close to Tanzania, so day-to-day use stays fast for committees and residents in Dar es Salaam. Enterprise customers can request other regions if their governance requires it. In-country hosting is on the roadmap as local infrastructure matures.

Want the full security questionnaire?

We share a SOC 2 control matrix, GDPRGDPR (General Data Protection Regulation)The EU data-protection standard for consent, access, correction, and deletion — Tanzania's regime is aligned with it. DPA, and pen-test summary on request.

Request the docs Book a demo →