Security Policy

Last updated: 15 May 2026

Security is at the core of everything we do at Meshtrack. This policy outlines our commitment to protecting your data, systems and privacy through comprehensive security measures and industry best practices.

ISO 27001 Certified

1. Information Security Management

We maintain an ISO 27001 certified ISMS that includes:

  • Regular risk assessments and security audits
  • Security awareness training for all employees
  • Incident response and business continuity plans
  • Third-party security assessments and vendor management
  • Continuous monitoring and improvement of security controls

2. Data Encryption

All data is encrypted end-to-end:

  • Data in Transit: TLS 1.3 encryption across all communications
  • Data at Rest: AES-256 encryption for all stored data
  • Key Management: Secure key management with regular rotation

3. Access Control

We enforce strict access controls across all systems:

  • Multi-factor authentication (MFA) for all administrative access
  • Role-based access control (RBAC) with least-privilege enforcement
  • Automated session timeouts and access log monitoring
  • Regular access rights reviews and recertification

4. Infrastructure Security

Our infrastructure is hardened at every layer:

  • Deployed on Cloudflare's secure global network
  • DDoS protection and Intrusion Detection/Prevention Systems
  • Automated patch management and vulnerability scanning
  • Geographic redundancy and tested failover mechanisms

5. Application Security

Security is embedded in our development process:

  • Secure Software Development Lifecycle (SSDLC)
  • Regular code reviews, SAST and DAST security testing
  • Dependency scanning and vulnerability management
  • API rate limiting, input validation and output encoding

6. Hardware Security

Meshtrack hardware devices include:

  • Secure boot and firmware integrity verification
  • Hardware-level encryption for local data storage
  • Tamper detection mechanisms
  • Secure supply chain management

7. Incident Response

Our 24/7 incident response process covers:

  • Automated detection, alerting and initial containment
  • Investigation, root cause analysis and remediation
  • Communication with affected parties within required timeframes
  • Post-incident review and lessons-learned integration

8. Compliance & Certifications

We comply with applicable data protection regulations:

  • ISO 27001 — Information Security Management
  • POPIA — Protection of Personal Information Act (South Africa)
  • GDPR — General Data Protection Regulation (EU)
  • SOC 2 Type II — Security, Availability and Confidentiality

9. Reporting Security Issues

If you discover a vulnerability or security concern, please contact us responsibly:

  • Email: [email protected]
  • Include a detailed description of the issue
  • Allow reasonable time for investigation before disclosure

Document Control | Version 1.0 | Classification: Public | Last Updated: 15 May 2026