Last updated: 27 June 2026
Consent first
Every verification is tied to a recorded consent — its method and timestamp — captured before any source is queried. No consent, no lookup.
Data minimisation
We request only the fields a given check requires and avoid holding data we don't need. Where a result can be returned without retaining the underlying source data, we do so.
Append-only audit trail
Verifications, consents, and check results are written to an append-only record. We can prove what was checked, for whom, and under what consent — and that record is never quietly altered.
Data residency
Hakiki is built to keep Tanzanian personal data under appropriate control and, where required, within the country. We treat residency as a design constraint, consistent with the Personal Data Protection Act, 2022 and guidance from sector regulators.
Security
- Encryption of data in transit and at rest.
- Least-privilege access controls and secret management.
- Authenticated, revocable API keys for every integration.
- Logging and monitoring of access to personal data.
Data subject rights
We support our customers in honouring data subject rights — access, correction, deletion, and objection — as set out in our Privacy Policy.
Sub-processors and sources
To complete a verification we exchange the minimum necessary data with the relevant connected source. We maintain records of the sources and processors involved and hold them to appropriate protection standards.
Contact our data protection team
Reach us at privacy@hakiki.co.tz.