Security & data protection

Msharti sits between your AI assistant and your business systems. Every request passes through seven security layers before a response is returned. Here is exactly what each layer does.

Credential encryption

When you connect a system, Msharti encrypts your credentials at rest using AES-256-GCM. The encryption key is stored separately from your credentials — not in the same database as the encrypted data. Credentials are decrypted only inside the connector service at call time, held in memory for the duration of the API call, and never written to logs or returned to the AI.

| Layer | What it does |
| --- | --- |
| AES-256-GCM at rest | All credentials encrypted at rest. Encryption key stored separately from the credential store. |
| TLS 1.3 in transit | All traffic between your AI assistant, Msharti, and third-party APIs travels encrypted. No plaintext credential transmission. |
| Memory-only decryption | Credentials are decrypted only inside the connector service at call time. Never logged, never persisted after the call completes. |

Tenant isolation

Every Msharti account is a tenant. Tenant isolation is enforced at multiple levels:

  • JWT-scoped API keys — every API key encodes the tenant ID. The gateway validates this on every request.
  • Row-level security — every tenant table has RLS policies. SQL queries for Tenant A cannot return Tenant B's rows, even if the application layer were bypassed.
  • Isolated connector containers — each connector runs in its own Docker container. A vulnerability in one connector cannot access credentials or data from another connector or tenant.

No cross-tenant bleed. One customer's API key can never reach another customer's data. This is enforced at the database layer, not just the application layer.
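
The gateway-side check described under "JWT-scoped API keys", sketched as an added example (not Msharti's own code). It assumes HS256 signing and the claim names `tenant_id` and `exp`; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_key(secret: bytes, tenant_id: str, ttl: int = 3600) -> str:
    """Mint a tenant-scoped HS256 token (claim names are assumptions)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"tenant_id": tenant_id, "exp": int(time.time()) + ttl}
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(sign(secret, header + '.' + body))}"

def tenant_from_key(secret: bytes, token: str) -> str:
    """Return the tenant ID from a verified token, or raise PermissionError."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        # Pin the algorithm: the token must not choose how it is verified.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = sign(secret, header_b64 + "." + body_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        # Claims are parsed only after the signature has been checked.
        claims = json.loads(b64url_decode(body_b64))
        if claims["exp"] <= time.time():
            raise ValueError("expired")
        if not isinstance(claims["tenant_id"], str):
            raise ValueError("tenant_id missing")
        return claims["tenant_id"]
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise PermissionError(f"API key rejected: {exc}") from None

def authorize(secret: bytes, token: str, resource_tenant: str) -> bool:
    """Permit the call only when the resource belongs to the key's tenant."""
    # The tenant comes from the signed claims, never from a request parameter.
    return tenant_from_key(secret, token) == resource_tenant
```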

Gateway protections

| Protection | How it works |
| --- | --- |
| Prompt-injection detection | Every request payload is scanned for known injection patterns — attempts by malicious content in your data (e.g. an email subject line) to alter the AI's instructions. Flagged requests are blocked before reaching the connector. |
| Secret stripping | Before any response reaches the AI, a regex-based filter removes API keys, passwords, KRA PINs, phone numbers in sensitive contexts, and other credential patterns. Your secrets do not appear in AI responses or conversation logs. |
| SQL write-blocking | INSERT, UPDATE, and DELETE statements are rejected at the gateway for all database connectors, regardless of what the AI generates. Row limit: 500. Query timeout: 30 seconds. |
| Per-key rate limits | Each API key is rate-limited per your plan tier. Sustained bursts above the limit are queued briefly, then rejected with a 429 response — never silently dropped. |
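
One way to implement the SQL write-blocking and 500-row limit, as an added example (not Msharti's own code). The names `check_read_only` and `run_guarded` are hypothetical, the sample data is constructed, and an in-memory SQLite database stands in for the PostgreSQL/MySQL connectors.

```python
import re
import sqlite3

MAX_ROWS = 500  # row limit stated on the page
WRITE_KEYWORDS = {"insert", "update", "delete"}  # statement types the page lists

class QueryRejected(Exception):
    """Raised when a generated query must not reach the database."""

def check_read_only(sql: str) -> str:
    """Return the statement if it is a single SELECT, else raise QueryRejected."""
    stmt = sql.strip().rstrip(";").strip()
    # Deliberately no attempt to lex string literals or comments: quoting rules
    # differ between engines, so the raw text is scanned and a literal that
    # happens to contain a write keyword is rejected as a false positive.
    if ";" in stmt:
        raise QueryRejected("multiple statements")
    words = re.findall(r"[a-z_]+", stmt.lower())
    if not words or words[0] not in ("select", "with"):
        raise QueryRejected("only SELECT queries are allowed")
    # Check every word, not only the first, so a write nested in a WITH clause is caught.
    hit = WRITE_KEYWORDS.intersection(words)
    if hit:
        raise QueryRejected("write keyword: " + sorted(hit)[0])
    return stmt

def run_guarded(conn: sqlite3.Connection, sql: str) -> list:
    """Validate, execute, and return at most MAX_ROWS rows."""
    cur = conn.execute(check_read_only(sql))
    return cur.fetchmany(MAX_ROWS)

def demo_db() -> sqlite3.Connection:
    """Constructed sample data: 600 invoice rows in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, amount INTEGER)")
    conn.executemany("INSERT INTO invoices (amount) VALUES (?)", [(n,) for n in range(600)])
    return conn
```

A text filter cannot see side effects inside functions or engine-specific statements, so pair it with a database account that holds only SELECT privileges, and set the 30-second timeout in the driver or session.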

Audit trail

Every tool call is logged with:

  • Who made the request (API key / user identity)
  • Which tool was called
  • Which connector was routed to
  • Timestamp (UTC)
  • Response status (success / error code)

Audit logs are immutable — no dashboard action can delete them. Retention: 30 days on Free, 90 days on Starter, 1 year on Business, and 7 years on Enterprise. See Limits & plans for the full breakdown. Logs are exportable as CSV from Starter and above.

On Business and Enterprise plans, audit logs are available in the Msharti dashboard under Security → Audit Log, and can be streamed to your SIEM. Enterprise adds dedicated storage on top.

Role-based access

Every user in your Msharti tenant is assigned a role that determines which connectors and tools they can invoke:

| Role | Access |
| --- | --- |
| Admin | All connectors, all tools, dashboard configuration, user management, billing. |
| Manager | All connectors, all tools. No dashboard configuration or billing. |
| CFO | Full access to financial connectors (M-Pesa, Sage, KRA). No dashboard configuration or billing. |
| Viewer | Read-only tools only across all connectors. Write tools (send_message, create_ticket, etc.) are blocked. |

Data residency

Msharti's infrastructure is hosted within Africa. All tenant data — credentials, configuration, audit logs — is stored on the continent. Data does not leave Africa in normal operation.

| Connector class | What transits where |
| --- | --- |
| M-Pesa Daraja, KRA GavaConnect | Request from our infrastructure to Safaricom/KRA APIs hosted in Kenya. No data leaves Africa. |
| Microsoft 365 (Outlook, Teams, SharePoint, Dynamics) | Request goes to Microsoft Graph API (eu-west or us-east depending on your M365 tenant region). Response is processed on our infrastructure and returned to you. |
| Salesforce, HubSpot, Zendesk, Zoho | Request goes to your CRM's cloud region (varies by your account location). Response is processed on our infrastructure. |
| PostgreSQL / MySQL (self-hosted) | Connection goes directly to your database server. The gateway proxies the query; results are returned to our infrastructure. |

In-country residency. Banks and enterprises requiring that all data stay within Kenya can deploy Msharti on a dedicated self-hosted instance within Kenya, or on their own on-premises infrastructure. This option is available on Enterprise plans. Email [email protected].

Compliance

  • Kenya Data Protection Act, 2019 (ODPC): Audit logging and data protection controls align with Kenya's ODPC requirements for personal data processing.
  • Delegated permissions (M365): Msharti uses delegated OAuth permissions — the AI can only do what the signed-in user can do. No application-level permissions that could access all tenant data.