Legal
Access Control Policy
Last updated: 9 July 2026
Access to systems and data — ours and our clients' — is controlled on a least-privilege, need-to-know basis.
Principles
- Least privilege: people and services get the minimum access needed for their role
- Unique accounts: shared logins are avoided; actions should be attributable
- Strong authentication: strong passwords and multi-factor authentication where the platform supports it
- Separation of environments: production access is more restricted than development access
- Revocation: access is removed promptly when an engagement or role ends
In client systems
Systems we build implement role-based access control so that owners, managers, staff, and clients each see only what their role allows. Admin areas are protected, and sensitive actions can be limited to specific roles or require approval, according to the system design agreed with the client.
Contact
Questions about this policy: sales@nokomohoto.com or +27 (79) 113-4590.

