Trust

Security

We design muv. to be secure by default. This page describes our security approach and what you can expect when using our website, APIs, and services.

Last updated:

1. Our approach

Security is not a checklist, it’s a product requirement. We prioritize secure defaults, least-privilege access, and operational visibility so issues can be detected and addressed quickly.

2. Data protection

We apply technical and organisational measures to protect customer data. Depending on your integration and configuration, data may include account details, API activity metadata, and transaction information required to operate the service.

  • Encryption in transit (HTTPS/TLS) for the website and API endpoints
  • Secure handling of secrets and credentials (e.g., API keys)
  • Access controls to limit internal access to necessary personnel

3. Application and infrastructure security

We build and operate our systems with a defense-in-depth mindset. Controls vary by environment and service component, but typically include:

  • Change management and reviews for production changes
  • Monitoring and alerting for availability and anomalies
  • Rate limiting and abuse prevention mechanisms
  • Audit logging for sensitive actions

4. Authentication and access

You are responsible for keeping your account credentials and API keys secure. We recommend:

  • Rotating API keys periodically and immediately after suspected exposure
  • Storing secrets in a secure secret manager (not in source control)
  • Applying least-privilege access within your organization

5. Webhooks and event delivery

For integrations using webhooks, we recommend verifying webhook requests and building idempotent handlers. If your integration supports it, ensure:

  • Signature verification for incoming webhook requests
  • Replay protection and idempotency keys
  • Retries and alerting for repeated failures

6. Incident response

We maintain procedures to detect, respond to, and recover from incidents. If we become aware of a security incident that materially affects customer data or service integrity, we will take reasonable steps to notify impacted customers and provide relevant details as appropriate.

7. Vulnerability reporting

We appreciate responsible disclosure. If you believe you’ve found a security vulnerability, report it privately and include enough detail for us to reproduce and investigate.

Email: security@mu.co.zm

  • Do not publicly disclose until we’ve had a reasonable chance to investigate and fix
  • Do not access or modify other users’ data
  • Do not run denial-of-service tests

8. Security questionnaires

If you need a vendor security review or questionnaire, contact us and we’ll coordinate a response and provide available documentation.

Email: trust@mu.co.zm

9. Contact

If you have security questions about muv., reach out to:

security@muv.co.zm

Also see: Privacy and Terms.