§ I — Security & privacy, stated plainly —

A breach of one club
can't reach another.
By design.

our members trust you with their ID numbers, photographs and signatures. Kultiflo seals that data inside its own club, encrypts it on Google's infrastructure, and hands the keys only to the people you authorise — privacy you can audit, not just take on faith.

See how the wall works

Built on Google Cloud.
POPIA-aligned by design.

— What that protection rests on —
01Per-club isolation
at three layers
02AES-256 at rest
on Google Cloud
03POPIA consent
on every member
04App Check on
every request
§ II — The wall between clubs —

One club can't see another.
Enforced in three places.

Most systems put a single wall between tenants and hope nothing slips past it. Kultiflo enforces club isolation at three independent layers — if one ever failed, the next two still hold. One club's members, inventory and settlements have no path to another's.

N° 01

Database security rules.

Firestore security rules check your authenticated identity and your club against every read and every write before it touches the data. This runs on Google's infrastructure, not inside our app — there is no request that can talk its way around it, and no admin screen or backdoor that exposes one club to another.

Layer 01 Enforced
at the data
N° 02

Query-time club filtering.

Every query the apps make is scoped to your club's ID before it leaves the device. Another club's data is never requested, never returned, never cached. The app simply has no question it can ask that would surface it.

Layer 02 Enforced
at the request
N° 03

Interface rendering.

The interface only ever assembles the club you are signed in to. Even if the layers above were somehow bypassed, there is no screen, list or report in the product that is built to display another club's members or records.

Layer 03 Enforced
at the view
§ III — Where the data lives, and how it's locked —

Built on the infrastructure
that runs Google.

Kultiflo runs on Google Cloud — Firebase and Firestore — the same platform behind Google Workspace, with automatic redundancy and failover across multiple data centres. We don't run our own servers, and we don't ask you to trust ours.

N° 01

Google Cloud, independently certified.

Your members' data sits in Google Cloud, which is independently audited and certified against the standards below. These certifications are held by Google Cloud as Kultiflo's infrastructure provider — the same security posture that protects billions of users worldwide.

SOC 2 ISO 27001 ISO 27017 ISO 27018 Held by Google Cloud, Kultiflo's infrastructure provider — not by Kultiflo itself.
Held by Google
Cloud
N° 02

Encrypted in transit
and at rest.

Every connection between the apps and the backend travels over TLS 1.2+ (HTTPS) — the same standard that protects online banking. Data stored on Google Cloud is encrypted at rest with AES-256, with keys managed by Google's Key Management Service and held separately from the data they unlock.

In transit TLS 1.2+

At rest AES-256
§ IV — Who can get in —

Only the right people
reach the data.

Identity is verified by Firebase Authentication, not a home-grown login. Your club decides who holds which role, and the system holds them to it.

N° 01

Verified sign-in, optional MFA, biometric lock.

Members and staff sign in through Firebase Authentication. Multi-factor authentication can be switched on for a second verification step, and biometric unlock — fingerprint or face — is available on supported devices, so a borrowed phone is not an open door.

Stops stolen-password
access
N° 02

Genuine clients only.

Firebase App Check verifies that requests come from the real Kultiflo apps before they reach the backend, turning away bots, scrapers and spoofed clients that try to imitate them.

Stops bots &
spoofed clients
N° 03

Roles, strictly kept.

Every action is gated by role — admin, front desk, POS operator, farmer. People see and do only what their role allows. And sensitive actions — voids, stock removals, member approvals, settlements — are written to an audit trail that records who did what, and when.

Stops silent
tampering
§ V — Lines we don't cross —

What we never do.

Some protections are technical. These are commitments.

  • We never sell your members' data.
  • We never use it for advertising.
  • We never train AI models on it.
  • We never let one club's data reach another.
  • We never open your data out of curiosity — only to fix a problem you've reported.
§ VI — What the data subject is owed —

The data belongs to
your members.

POPIA gives every member rights over their personal information. Kultiflo is built to honour them — not to hold data hostage.

N° 01

Consent, captured explicitly.

Before a member is registered, four consents are recorded against their profile — terms, privacy, data processing, and (optionally) marketing — each linked to the live document they agreed to, with the timestamp. Lawful processing isn't an afterthought; it's step one of onboarding.

POPIA lawful
processing
N° 02

Access, correction, deletion.

Members may ask to see, correct, or delete the personal information held about them, and those requests are honoured under POPIA. Deletion is handled on request through your club — not buried behind a form designed to make you give up.

POPIA data-subject
rights
N° 03

Restricted internal access.

Only approved staff can reach production data, and only to resolve a problem that's been reported — never to browse. The system is built so that we rarely need to look at a member's data at all.

Least privilege,
by default
§ VII — Still have a question —

Bring us your hardest
data-protection question.

POPIA-aligned Google Cloud Encrypted Isolated by club

On candourWe'd rather show you how the system is built than quote a track record. Kultiflo is young — our case for your trust is the architecture on this page, and every layer of it reflects how the apps actually work. If something here matters to your members, ask us to walk you through it.

Email our team Read the full Privacy & POPIA policy →