Glossary
Terms used across this documentation. Add a row when you introduce internal vocabulary in any product's section.
| Term | Definition |
|---|---|
| accountId | ZevID-issued UUID for a user. The single identifier used across every Zev product. Documented in Ecosystem overview. |
| clientId | Product identifier (lowercase, e.g. zevpay, zevcommerce). Used in ZPIP, OAuth, and audit logs. |
| Controller | Per NDPA: the entity that determines purposes + means of processing. ZevOP Technologies Limited is the controller for all user-facing data we collect across the Zev ecosystem. |
| Cross-border transfer | Movement of personal data outside Nigeria. NDPA §41 requires a lawful mechanism. Documented per product in third-parties.md. |
| Data subject | The person the data is about. For Zev: our users. NDPA grants subjects specific rights — see subject-rights.md per product. |
| DPA | Data Processing Agreement. Required between a controller and a processor (NDPA §29). Tracked per vendor in third-parties.md. |
| DPO | Data Protection Officer. NDPA §32-mandated role. See policies/dpo.md. |
| GAID | NDPC General Application and Implementation Directive, 2025. Implementing regulation under NDPA. |
| KYC | Know-Your-Customer. Identity verification with regulator-required rigor. Today: run by ZevPay via Smile Identity (TBD: confirm vendor). Outcome stored in ZevID's kyc_verifications. |
| Lawful basis | One of six bases NDPA recognises for processing personal data: consent, contract, legal obligation, vital interest, public interest, legitimate interest. Stated per processing purpose in processing.md per product. |
| NDPA | Nigeria Data Protection Act, 2023. The primary statute. |
| NDPC | Nigeria Data Protection Commission. The regulator. |
| Personal data | Any information relating to an identified or identifiable person. NDPA §65 definition. |
| Processor | Per NDPA: an entity that processes personal data on behalf of a controller. Most of our third-party vendors are processors. |
| RoPA | Record of Processing Activities. Formal document derived from per-product data-inventory.md files. DPO owns. |
| SAR | Subject Access Request. A user asking for a copy of data we hold about them. Handled per subject-rights.md per product. |
| Sensitive Personal Data / Special Categories | NDPA's higher-protection categories: health, biometric, racial, political, religious, sexual-orientation, genetic. Stricter consent rules apply. |
| Service-only ZPIP | A ZPIP call with no user in the loop. No consent screen, generic ecosystem utility. See cross-product/zpip.md. |
| Service+user ZPIP | A ZPIP call acting on behalf of a specific user. Requires user consent on accounts.zevop.com/zpip-consent. See cross-product/zpip.md. |
| ZevID | Centralised identity provider at accounts.zevop.com. Source of truth for user identity + cross-product consent + enrollment registry. See products/zevid/. |
| ZevOP Technologies Limited | The legal entity behind every Zev product. The data controller named on all NDPA filings, DPAs, and user-facing privacy notices. The "Zev" brand and the products live under this entity. |
| ZPIP | Zev Product Integration Protocol. Specification of how Zev products call each other. See cross-product/zpip.md. |