Your data security is our priority
We understand the sensitive nature of death care data. Sankorra is built from the ground up with security and compliance at its core.
Security Features
Multiple layers of protection ensure your data stays secure.
Encryption Everywhere
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your data is protected at every step.
Access Controls
Role-based access control (RBAC) ensures staff only access what they need. Multi-factor authentication adds an extra layer of protection.
Secure Infrastructure
Hosted on SOC 2-certified cloud infrastructure (Cloudflare and Supabase) with multi-region redundancy and a 99.9% uptime target.
Audit Logging
Tamper-evident audit logs capture key actions across cases, billing, staff, and access — ready for compliance reviews and regulatory audits.
Data Isolation
Each facility's data is completely isolated using row-level security. No cross-facility data access is possible.
Incident Response
Continuous automated monitoring across our infrastructure, with errors and availability tracked in real time. We notify affected customers promptly when incidents impact their data.
View live statusCompliance & Certifications
We maintain compliance with industry standards and regulations.
Ghana Data Protection Act (Act 843)
In progressRegistration with the Ghana Data Protection Commission is in progress. Personal data is already processed under the lawful bases set out in the Act.
SOC 2-Certified Infrastructure
InheritedHosted on Cloudflare and Supabase, both independently audited to SOC 2 Type II.
Encryption Standards
EnforcedTLS 1.3 enforced for all traffic and AES-256 at rest across managed storage and backups.
Funeral Services Regulation
AlignedDesigned alongside Ghanaian funeral homes and regulators to support local licensing and reporting requirements.
Security Best Practices
We follow industry best practices and continuously improve our security posture to protect your data.
- Secure software development lifecycle (SDLC) with code review on every change
- Automated dependency and vulnerability scanning across all services
- Continuous error and uptime monitoring via Sentry and our public status page
- Encrypted, geographically redundant backups with documented restore procedures
- Principle-of-least-privilege access controls and mandatory MFA for staff
- Security training and confidentiality agreements for all team members
- Vendor review for any subprocessor handling customer data
Security Overview
Request our security overview document for your compliance and vendor review process.
Request OverviewResponsible Disclosure
We value the security research community. If you've discovered a vulnerability, please report it responsibly.
security@sankorra.comBreach Notification
In the unlikely event of a security incident affecting your data, we will act quickly to contain it and keep you informed.
We notify the Ghana Data Protection Commission and any affected customers as soon as practicable after confirming a personal-data breach, in line with the Ghana Data Protection Act 2012 (Act 843).
Notifications include the nature of the incident, the categories of data and individuals impacted, the steps we have taken to contain it, and the actions we recommend you take. We follow up with a written post-incident summary once the investigation is complete.
To report a suspected incident or vulnerability, email security@sankorra.com.
Have security questions?
Our security team is happy to discuss your specific compliance and security requirements.