Skip to content

Zev Compliance Documentation

This site documents how every Zev product collects, processes, stores, and shares user data — and the controls we apply at every step. It's the source of truth for our Data Protection Officer (DPO), internal staff with a need-to-know, and external auditors (NDPC, banking partners, enterprise customers).

Access

You're reading this because you authenticated through Cloudflare Access with an allow-listed email. Sessions last 24 hours; re-authenticate after that. To request access for a colleague or external auditor, contact the DPO.

Where to start

Regulatory scope

This documentation is structured to satisfy:

  • Nigeria Data Protection Act (NDPA), 2023 — primary obligation as a Nigerian data controller.
  • NDPC General Application and Implementation Directive (GAID), 2025 — implementing regulation.
  • CBN regulations (for financial-product retention requirements — applies to ZevPay).
  • Industry-standard security frameworks we benchmark against (referenced where used).

Each product's security.md section names which controls apply specifically to it.

Conventions

  • Truth over polish. Every claim here describes current reality. Plans go under explicit "Future changes" headings with target dates.
  • Verifiable. Where a claim can be checked in code, we link to the code. Where it's operational, we describe the procedure and the person responsible.
  • Updated continuously. This site is git-backed. Every change is a PR with a review trail. The DPO can ask "when did X change?" and the answer is in git log.

Status

Section Status
Repo skeleton, template, contributor guides ✅ Done
ZevID (reference implementation) 🚧 In progress
ZevPay ⏳ Pending — product team to populate
ZevCommerce ⏳ Pending
ZevCloud ⏳ Pending
ZevWorkspace ⏳ Pending
Cross-product flows + security architecture 🚧 In progress
DPO policies ⏳ DPO to author