Sozuri is licensed by the Communications Authority of Kenya, aligned with ODPC data-protection requirements, and built around per-project isolation so dev never sees prod and prod never sees the wrong account. The same posture we'd want as a customer.
Each pillar is independent; together they form the defence-in-depth posture our customers stake their reputations on.
Sozuri operates under a Communications Authority of Kenya licence as a Content & Application Service Provider, with direct peering to every Kenyan carrier.
Every project has its own Bearer token, webhook URL, credit balance and sender ID assignment. Dev never touches prod; prod never sees another client.
Customer data is collected and stored on the principles set out in Kenya's Data Protection Act. Consent and retention practices are exportable for inspection.
Every message, every webhook, every OTP send is logged with timestamp, sender, recipient and delivery state. Inspector-ready, exportable to PDF.
Every Sozuri project is its own tenant. The API key is scoped to a single project; the dashboard view is scoped to the user's role in that project; the database queries are partition-keyed on project ID at the row level. Cross-tenant reads are physically impossible — not just policy-impossible.
Your project data, contacts, message history and audit logs are exportable from the dashboard at any time. On cancellation, you choose a retention window and we honour it — full deletion or hand-off to your nominated successor. No locked-in formats.
Every Sozuri payment confirmation SMS contains a numeric OTP that's also sent to your cashier or operator. Until both phones show the same code, the goods don't leave the till. The cleanest, simplest fraud control in Kenyan retail — built in.
Security questionnaires welcomed. Walk-throughs of our isolation model on request. We're proud of how we built this — we'd rather have you see it than guess at it.