Skip to content

Subject rights — ZevCloud

How NDPA-granted user rights are fulfilled against ZevCloud data. Most rights flow through ZevID centrally (account-level rights are exercised on accounts.zevop.com); this page covers what ZevCloud does specifically.

Entry point for formal requests: dpo@zevop.com. The DPO office triages and forwards relevant items to ZevCloud engineering.

Right of access (NDPA §34)

  • Self-service today: the customer dashboard surfaces every team / service / domain / invoice / DNS-record the customer is associated with.
  • Formal request: the DPO office can ask engineering to produce a complete export. Until a self-service export is built, this is a manual query on the production DB, scoped to the requesting account's rows.
  • Clock: 30 days per NDPC GAID.

Right of rectification (NDPA §35)

  • Self-service: most customer-editable fields (team name, service settings, domain contacts, etc.) are editable directly in the dashboard.
  • Not self-service: post-payment invoice line items, audit-log rows, anything in admin_audit_logs. Those are corrected via admin action with the change captured in the audit log itself.

Right of erasure (NDPA §36)

  • What we erase on request: team metadata, service metadata + content (containers + their volumes), customer-edited fields, custom-domain attachments, API keys, ZPIP grant references.
  • What we retain with legal basis: invoices, subscriptions, payment-method tokens, admin audit logs — financial-record-adjacent + security-forensic. Retention period aligns with CBN 7-year obligations when formalised.
  • Cross-product cascade: ZevCloud writes a de-enrollment to ZevID. Other Zev products read from ZevID's enrollment registry, so they pick the change up via the normal sync flow.
  • Domains the customer registered through us: not deleted — the registration belongs to the customer at the registry. They can transfer out (auth code is available on demand) or let the domain lapse at expiry.
  • Clock: 30 days.

Right to restriction (NDPA §37)

  • Implementation today: admin can suspend a team (teams.deactivated_at) which freezes all writes against its resources while retaining the rows. Used for abuse holds, regulatory enquiries, and unresolved billing disputes.

Right to data portability (NDPA §38)

  • Not self-service yet. On request, engineering produces a CSV/JSON dump of the customer's tables. The dashboard's data-export feature is on the roadmap.
  • ZPIP consent: a customer revokes any cross-product consent (e.g. ZevWorkspace's right to add DNS records on their behalf) from the Connected Apps screen at accounts.zevop.com. ZevID propagates the revocation; ZevCloud no longer accepts ZPIP calls under the revoked scope from the moment the revocation lands.
  • Marketing comms: not currently sent (see processing.md). When marketing is introduced, a separate consent record will live in ZevID and the unsubscribe path will route through there.

Children

ZevCloud is a developer-tools product and our terms require account holders to be 18+. We don't knowingly process children's data. If a children's-data report reaches the DPO, the account is suspended pending investigation.

Process

  1. DPO office receives the request (verifies the requester via ZevID).
  2. DPO triages: is this access, rectification, erasure, restriction, portability, or objection?
  3. DPO forwards the actionable items to ZevCloud engineering with the relevant account / team identifiers.
  4. Engineering executes (admin actions + DB updates), captures the change in admin_audit_logs, and confirms back to the DPO.
  5. DPO responds to the data subject within the NDPA clock.