Compliance & Security

Last updated: January 2025

Our Commitment to Compliance

NeuraCreations is committed to maintaining the highest standards of data protection, security, and regulatory compliance. We understand that trust is fundamental to our client relationships, and we work diligently to earn and maintain that trust through transparent practices and robust security measures.

Data Protection Compliance

Kenya Data Protection Act (DPA) 2019

We fully comply with Kenya's Data Protection Act, ensuring:

  • Lawful processing of personal data
  • Transparent data collection practices
  • Respect for data subject rights
  • Secure data storage and transmission
  • Timely breach notification procedures

General Data Protection Regulation (GDPR)

For our European clients, we maintain GDPR compliance through:

  • Privacy by design principles
  • Data minimization practices
  • Consent management systems
  • Right to be forgotten implementation
  • Data portability features

Security Standards

ISO 27001 Framework

Our security management system follows ISO 27001 guidelines:

  • Information security risk assessment
  • Security control implementation
  • Continuous monitoring and improvement
  • Regular security audits
  • Incident response procedures

Technical Safeguards

  • End-to-end encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication
  • Regular security updates and patches
  • Secure development lifecycle practices

Industry Standards

Healthcare Compliance

For healthcare clients, we ensure:

  • Patient data confidentiality
  • Secure health information exchange
  • Audit trail maintenance
  • Access control mechanisms

Financial Services

Our financial sector solutions comply with:

  • Central Bank of Kenya regulations
  • Anti-money laundering (AML) requirements
  • Know Your Customer (KYC) standards
  • Payment Card Industry (PCI) DSS

Audit and Certification

We maintain transparency through:

  • Annual third-party security audits
  • Compliance assessments
  • Penetration testing
  • Vulnerability assessments
  • SOC 2 Type II reporting

Data Governance

Data Classification

We classify data based on sensitivity levels:

  • Public: Marketing materials, public documentation
  • Internal: Business operations data
  • Confidential: Client data, proprietary information
  • Restricted: Personal data, financial information

Data Retention

Our data retention policies ensure:

  • Compliance with legal requirements
  • Secure data disposal
  • Regular data purging
  • Client-specific retention schedules

Incident Response

Our incident response plan includes:

  • 24/7 security monitoring
  • Rapid incident detection
  • Immediate containment procedures
  • Stakeholder notification protocols
  • Post-incident analysis and improvement

Employee Training

All NeuraCreations employees receive:

  • Security awareness training
  • Data protection education
  • Compliance procedure training
  • Regular updates on best practices
  • Phishing simulation exercises

Third-Party Management

We ensure our vendors and partners:

  • Meet our security standards
  • Sign data processing agreements
  • Undergo regular security assessments
  • Maintain appropriate certifications
  • Follow incident notification procedures

Continuous Improvement

We continuously enhance our compliance posture through:

  • Regular policy reviews
  • Technology updates
  • Industry best practice adoption
  • Client feedback integration
  • Regulatory change monitoring

Contact Our Compliance Team

For compliance-related inquiries, please contact:

NeuraCreations Ltd - Compliance Office

Email: admin@neuracreations.com

Phone: +254 726 446 598

Address: Nairobi, Kenya