ZevSend¶
What this product is¶
ZevSend is the transactional-messaging API of the Zev ecosystem. Developer customers sign in with ZevID, create a team, add a domain they own, complete DNS verification + brand-identity approval, then dispatch email today (and SMS / WhatsApp / OTP-verify) from their applications via api.zevsend.com or the dashboard at console.zevsend.com. ZevSend is a developer-tools product, not a consumer product. The customer-dashboard host is console.zevsend.com; the public REST API host is api.zevsend.com; the docs site is docs.zevsend.com.
Its data subjects are the developer-customers and team members who sign up to dispatch transactional messaging. The recipients of the messages those customers send (the customers' own users) are NOT ZevSend's data subjects — they are the deploying customer's data subjects (the deploying customer is the controller, ZevSend is the processor for the message body and recipient address).
ZevSend is deliberately transactional only. Marketing email — newsletters, broadcasts, drips, lead nurture — is the role of ZevCampaign, a sibling product on the same platform built for marketers. The split is a deliverability decision, not just a packaging one: transactional and marketing email have fundamentally different complaint-rate profiles, and mixing them on the same sending reputation degrades both. The brand-identity admin approval gate, the per-team suppression list, the absence of a bulk-list feature, and the abuse-driven suspension model are the operational controls that keep ZevSend's sending reputation tuned for transactional. Customers who attempt to use ZevSend for marketing are routed to ZevCampaign instead.
Regulatory scope¶
- NDPA, 2023 — primary obligation as a Nigerian data controller for the data we hold on our customers (account holders, team owners, billing contacts, domain registrants).
- NDPC GAID, 2025 — 72-hour breach notification, DPO designation, RoPA obligations.
- CAN-SPAM, CASL, and other anti-spam regimes — operational controls (brand-approval gate, server-injected sender identity, per-team suppression list, abuse-driven suspension) keep platform sends within legitimate transactional bounds. Bulk marketing is not ZevSend's role; that surface belongs to a future product (ZevCampaign). Customers who attempt to use ZevSend for bulk marketing are subject to suspension under abuse policy.
CBN and other financial-services rules do not apply directly to ZevSend. Billing is handled by ZevPay; financial-regulatory obligations live in ZevPay's section.
Data-controller role¶
- Controller for: customer team membership, domain-ownership claims, brand identity submissions, API keys, suppression lists, webhook subscriptions, billing artefacts, admin audit logs, deliverability metadata (bounce / complaint feedback received from the carrier).
- Processor for: the recipient addresses + message bodies customer applications dispatch through ZevSend. The customer is the controller of who they message and what they send; ZevSend hosts the dispatch pipeline on their behalf. Suppression-list rows (recipient addresses flagged by carrier bounce / complaint feedback) are operational metadata necessary to fulfil the processor role responsibly under anti-spam regimes — they're retained per-team.
The distinction matters: when a message recipient sends a subject-rights enquiry asking who has their email address and why they're being contacted, the request is routed to the customer (the controller), not handled by ZevSend directly. ZevSend's job is to keep the platform secure, fulfil processor obligations (security controls, breach notification to the customer, sub-processor disclosure), and honour suppression signals when a recipient asks the carrier to stop receiving mail.