Subject rights — ZevCloud¶
How NDPA-granted user rights are fulfilled against ZevCloud data. Most rights flow through ZevID centrally (account-level rights are exercised on accounts.zevop.com); this page covers what ZevCloud does specifically.
Entry point for formal requests: dpo@zevop.com. The DPO office triages and forwards relevant items to ZevCloud engineering.
Right of access (NDPA §34)¶
- Self-service today: the customer dashboard surfaces every team / service / domain / invoice / DNS-record the customer is associated with.
- Formal request: the DPO office can ask engineering to produce a complete export. Until a self-service export is built, this is a manual query on the production DB, scoped to the requesting account's rows.
- Clock: 30 days per NDPC GAID.
Right of rectification (NDPA §35)¶
- Self-service: most customer-editable fields (team name, service settings, domain contacts, etc.) are editable directly in the dashboard.
- Not self-service: post-payment invoice line items, audit-log rows, anything in
admin_audit_logs. Those are corrected via admin action with the change captured in the audit log itself.
Right of erasure (NDPA §36)¶
- What we erase on request: team metadata, service metadata + content (containers + their volumes), customer-edited fields, custom-domain attachments, API keys, ZPIP grant references.
- What we retain with legal basis: invoices, subscriptions, payment-method tokens, admin audit logs — financial-record-adjacent + security-forensic. Retention period aligns with CBN 7-year obligations when formalised.
- Cross-product cascade: ZevCloud writes a de-enrollment to ZevID. Other Zev products read from ZevID's enrollment registry, so they pick the change up via the normal sync flow.
- Domains the customer registered through us: not deleted — the registration belongs to the customer at the registry. They can transfer out (auth code is available on demand) or let the domain lapse at expiry.
- Clock: 30 days.
Right to restriction (NDPA §37)¶
- Implementation today: admin can suspend a team (
teams.deactivated_at) which freezes all writes against its resources while retaining the rows. Used for abuse holds, regulatory enquiries, and unresolved billing disputes.
Right to data portability (NDPA §38)¶
- Not self-service yet. On request, engineering produces a CSV/JSON dump of the customer's tables. The dashboard's data-export feature is on the roadmap.
Right to object / withdraw consent¶
- ZPIP consent: a customer revokes any cross-product consent (e.g. ZevWorkspace's right to add DNS records on their behalf) from the Connected Apps screen at
accounts.zevop.com. ZevID propagates the revocation; ZevCloud no longer accepts ZPIP calls under the revoked scope from the moment the revocation lands. - Marketing comms: not currently sent (see
processing.md). When marketing is introduced, a separate consent record will live in ZevID and the unsubscribe path will route through there.
Children¶
ZevCloud is a developer-tools product and our terms require account holders to be 18+. We don't knowingly process children's data. If a children's-data report reaches the DPO, the account is suspended pending investigation.
Process¶
- DPO office receives the request (verifies the requester via ZevID).
- DPO triages: is this access, rectification, erasure, restriction, portability, or objection?
- DPO forwards the actionable items to ZevCloud engineering with the relevant account / team identifiers.
- Engineering executes (admin actions + DB updates), captures the change in
admin_audit_logs, and confirms back to the DPO. - DPO responds to the data subject within the NDPA clock.