Security

Security is foundational to LEXIMS. We handle sales, inventory, payments, and customer information for retail businesses, and we treat that responsibility seriously.

Encryption

• In transit: all traffic is served over HTTPS/TLS.
• At rest: sensitive fields — such as payment provider credentials — are encrypted in the database with a dedicated encryption key, separate from general storage.

Tenant isolation

LEXIMS is multi-tenant by design. Every record is scoped to a tenant, and access is enforced on the server for every request — your data is never mixed with another business's.

Access control

Role-based permissions govern what each staff member can see and do (sales, inventory, transfers, staff, billing, and more). Owners control roles and can deactivate access instantly.

Payments

Card and M-Pesa payments are processed by established providers (Paystack and Tuma). We do not store full card numbers; we keep transaction references and statuses needed to operate billing and reconcile payments.

Auditability

Key actions — sales, stock movements, transfers, refunds, staff changes, and billing events — are recorded in an activity log so you have a clear trail of what happened and when.

Reliability

The platform runs on managed cloud infrastructure with database connection pooling and sensible timeouts to stay responsive under load.

Reporting a vulnerability

If you believe you've found a security issue, please email security@lexims.app. We appreciate responsible disclosure and will respond promptly.