Data inventory — ZevCloud
Categories of data ZevCloud holds. Field-by-field detail lives in the schema folder under zevcloud-backend/src/common/database/schema/. This page is the DPO's overview — the schema is the source of truth for exact columns and types.
What we don't store
ZevCloud does not store the customer's email, password, or KYC data. Those live in ZevID. We address customers by their accountId (a UUID issued by ZevID) and read identity fields on demand via the ZevID internal API.
Identity references (not the identity itself)
| Category |
What we hold |
Schema |
| Account pointer |
accountId (UUID issued by ZevID) on every team-membership / billing / audit row |
every owning table |
| ZevID enrollment sync |
Whether this account is enrolled in ZevCloud + their tier — written into ZevID, not stored locally |
n/a (ZevID-owned) |
Team + collaboration data
| Category |
What we hold |
Schema |
| Team |
Team name, owner account id, created/updated timestamps |
teams.schema.ts |
| Team membership |
Per-account team membership + role |
team-members.schema.ts |
| API keys |
Hashed keys + scopes for programmatic access |
api-keys.schema.ts (hash only — plaintext shown once at creation) |
Service + deployment data (customer-controller, ZevCloud-processor)
| Category |
What we hold |
Schema |
| Service |
Service name, type (app / static / DB / worker), team, server allocation |
services.schema.ts |
| Service settings |
Build commands, runtime config, port + healthcheck |
service-settings.schema.ts |
| Environment variables |
Encrypted at rest (AES-256-GCM via the field-crypto service); plaintext is write-only after the isSecret: true flag flips |
env-vars.schema.ts |
| Deployment events |
Per-deploy metadata (commit hash, status, started/finished timestamps) |
deployments.schema.ts |
| Build / runtime logs |
Streamed to the Coolify host; not centrally stored by ZevCloud |
n/a — ephemeral on Coolify volume |
Domain registration + DNS
| Category |
What we hold |
Schema |
| Registered domain |
FQDN, status, registry, expiry, auto-renew flag |
registered-domains.schema.ts |
| Domain contacts (registrant, admin, billing, tech) |
Encrypted at rest (FIELD_ENCRYPTION_KEY AES-256-GCM); registry submits required PII for ICANN/NIRA compliance |
domain-contacts.schema.ts |
| EPP auth code |
Encrypted at rest; used for transfer-in/out |
column on registered_domains |
| DNS records |
Mirror of the Cloudflare zone (CF is source of truth; we keep a mirror for fallback reads + ZPIP attribution) |
dns-records.schema.ts |
| Domain orders (cart) |
Cart state for multi-domain purchases |
domain-orders.schema.ts |
Billing data
| Category |
What we hold |
Schema |
| Invoice |
Header + line items + amount + status; total billed / paid |
invoices.schema.ts |
| Subscription |
Recurring billing schedule, plan id, next renewal date |
subscriptions.schema.ts |
| Payment method |
Tokenised reference (ZevPay's token; no card numbers, BVN, or bank-account credentials stored by ZevCloud) |
payment-methods.schema.ts |
| Plan / TLD pricing |
Sellable plans + per-TLD pricing matrix (no PII) |
plans.schema.ts, tlds.schema.ts |
| Credits ledger ref |
Pointer into ZevID's Zev Credit balance (ZevID is the canonical ledger) |
n/a — read via ZevID API |
Audit + admin
| Category |
What we hold |
Schema |
| Admin audit log |
Every admin action against a customer resource (mark-paid, refund, attach-external-domain, force-delete-alias, etc.) — actor admin id, target resource, before/after where relevant |
admin-audit-logs.schema.ts |
| ZPIP token + delivery audit |
Inbound consent + outbound webhook deliveries |
outbound-zpip.schema.ts, plus the inbound audit captured in the ZPIP middleware |
Special categories (NDPA Sensitive Personal Data)
Not applicable. ZevCloud does not collect biometric, health, racial/ethnic, political, religious, sexual-orientation, or genetic data. KYC outcome (the one place biometric-derived data could land) is held by ZevID — see ZevID's data inventory.