Pass every audit with confidence
African data protection laws aren't optional. Cedrios is built from the ground up with POPIA, NDPR, and Kenya DPA compliance — audit trails, encryption, access controls, and data rights baked in, not bolted on.
Built for POPIA (South Africa), NDPR (Nigeria), DPA (Kenya), and DPA (Rwanda) from day one
Sound familiar?
The auditor is coming — panic
You need to produce employee records, policy acknowledgements, and leave histories by Friday. Everything's in different places. Some things are missing entirely.
Everyone can see everything
Medical records in a shared folder. Disciplinary files accessible to the whole team. No access controls, no privacy, no compliance.
No record of who did what
Someone changed an employee's start date. Someone approved leave that shouldn't have been approved. No trail, no accountability.
Labour dispute with no evidence
An employee claims they never received the handbook. You can't prove they did. A termination is challenged — you have no documented process.
Compliance built in, not bolted on
Every action logged. Permanently.
Every create, update, delete, login, approval, rejection, export, and import is recorded with who did it, when, and from where. The audit log cannot be edited or deleted by anyone — not even the Super Admin.
- Who did what, to which record, at what time, from which IP
- Covers all actions: create, update, delete, approve, reject, export, import, login, logout
- Admin-only access to full audit log
- Filter by user, action type, module, or date range
- Export audit log as CSV for external review
- Immutable — cannot be edited or deleted by anyone
The right people see the right data
Four-tier role-based access control ensures every person only sees what they're supposed to. Sensitive data stays private. Permissions are enforced across every module.
- Super Admin: full platform access, billing, audit log
- HR Admin: manage people, leave, documents, assets within their scope
- Manager: view and approve for their direct reports only
- Team Member: self-service access to their own profile, leave, and documents
- Sensitive data flag: medical and disciplinary records restricted to HR Admin+
- Permissions enforced consistently across People, Time Off, Documents, and Assets
Your data encrypted everywhere
All data encrypted in transit and at rest. Passwords securely hashed. Multi-tenant isolation ensures your company's data is completely separated from everyone else's.
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for all data at rest
- Passwords hashed with bcrypt
- Complete multi-tenant isolation — no cross-company data access, ever
- Auto-logout after configurable idle period (default 30 min web, 7 days mobile)
- Security audit and penetration testing
Data export and deletion — one click
POPIA, NDPR, and Kenya DPA require you to export or delete a person's data on request. Cedrios generates a complete data export in minutes. Deletion is thorough and documented.
- Export all data for any person as a downloadable ZIP
- Complete export generated in under 5 minutes
- Right to deletion: remove a person's data permanently with documented proof
- Compliant with POPIA (South Africa), NDPR (Nigeria), DPA (Kenya), DPA (Rwanda)
- Data retention policies: flag documents past retention for review
- Deletion is logged in the audit trail for your records
Proof your team read the policy
During a labour dispute, 'they should have known' isn't enough. Cedrios tracks exactly who acknowledged which policy, and when — timestamped and undeniable.
- Mark any document as requiring acknowledgement
- Team members notified and must confirm they've read it
- Timestamped record: who acknowledged, when, from which device
- Dashboard showing who hasn't acknowledged yet
- Undeniable proof for auditors, regulators, and labour courts
- Works for handbooks, code of conduct, safety policies, and any custom document
Pre-configured for African labour law
Leave entitlements, public holidays, document templates, and statutory fields are pre-loaded for your country. You don't need to research the law — Cedrios already knows it.
- Nigeria: Annual Leave (6–30 days), PAYE fields, NDPR compliance
- South Africa: BCEA leave (21 days + family responsibility + maternity), POPIA, UIF/COIDA fields
- Kenya: Employment Act leave, NSSF/NHIF fields, DPA compliance
- Ghana: SSNIT fields, Labour Act leave entitlements
- Rwanda: Labour law leave types, DPA compliance
- Public holidays pre-loaded and automatically excluded from leave calculations
Regulation coverage at a glance
Before Cedrios vs. After
Before
- Scramble to find records when the auditor arrives
- No idea who accessed or changed what
- Everyone can see sensitive files
- No proof policies were acknowledged
- Data export requests take days of manual work
- Labour disputes are he-said-she-said
After Cedrios
- Every record searchable, exportable, ready for audit
- Immutable audit trail of every action
- Role-based access — sensitive data locked down
- Timestamped acknowledgement records
- One-click data export in under 5 minutes
- Documented process for every decision
Frequently asked questions
Yes. Audit trails, encryption, role-based access, and data export/deletion are included on every plan — including Free. Compliance isn't a premium feature.
Still have questions?
Ready to make compliance effortless?
Audit trails, encryption, and access controls are included on every plan — even Free. No add-ons, no extra cost.