Security & Trust
Last updated: 29 June 2026
Health data is among the most sensitive information that exists. Protecting it is foundational to everything Kora builds. This page summarizes the safeguards and practices we use to keep clinical and personal data secure.
Our commitment
Kora is built for environments where trust, reliability, and data protection are non-negotiable — clinics, hospitals, and ministries of health. Security and privacy are designed into the platform, not added afterward.
Encryption
- In transit: all connections to our services use modern TLS encryption.
- At rest: stored data is encrypted using industry-standard algorithms.
Access control
- Role-based access and the principle of least privilege — people and systems get only the access they need.
- Authentication controls and audit logging of access to sensitive data.
Data residency and sovereignty
Kora supports in-country data residency for clinical data where required, so that patient information can be stored and processed in line with national data-protection and health-data laws. De-identified, aggregated population-health data is used for surveillance and reporting wherever individual-level data is not required.
Offline-first and edge processing
Kora's offline-first architecture runs clinical AI on-device or on a facility server, reducing the need to transmit sensitive data over networks and keeping core functions available even without connectivity.
Data minimization
We collect and retain only what is necessary, and we de-identify or aggregate data for analytics and population-health use wherever feasible.
Monitoring and resilience
We monitor our systems for security and availability, maintain logging, and apply secure development and change-management practices.
Breach response
We maintain procedures to detect, contain, and respond to security incidents, and to notify affected clients, individuals, and regulators within the timeframes required by applicable law.
Compliance posture
We design our practices to align with applicable African data-protection laws — including Nigeria's Data Protection Act, Kenya's Data Protection Act, and Ghana's Data Protection Act — and with recognized security standards and health-data safeguards (for example, ISO 27001-style controls and HIPAA-aligned practices). We enter into Data Processing Agreements with the providers, health systems, and government partners whose data we process. [Specific certifications and audit status to be listed here as they are obtained.]
Responsible disclosure
If you believe you have found a security vulnerability, please contact us at info@korahealthafrica.com so we can investigate and respond. We appreciate responsible disclosure.
Contact
For security or data-protection questions: info@korahealthafrica.com.