Aidevelopia
About
Agents
AI Support Agent AI Email Telegram Bot Discord Bot Web3 AI Bot New
Solutions
E-commerce Healthcare Education Web 3
Pricing
Demo Log in Sign up
rev 1.0.0 · indexing live

effective · March 2026 version · v1.1 law · Nigeria / NDPA 2023
diff available ↓
legal / compliance & trust

Privacy, security, data.

How AIDEVELOPIA handles your data, what frameworks guide our security practices, and what we are working toward as we grow.

We are transparent about where we are. We apply real data privacy controls and security practices, we are honest about what we have certified and what we are working toward, and we never claim compliance we have not earned.

cac reg / 9417767 ndpa 2023 · ndpc regulated compliance questions →
/01

What laws apply, how we meet them.

Four frameworks govern how we handle your data. The first is legally binding on us as a Nigerian entity. The other three are practices we apply.

NG
Nigeria Data Protection Act 2023
Applicable law

AIDEVELOPIA is registered with the Nigerian CAC and is subject to the NDPA 2023, enforced by the Nigeria Data Protection Commission (NDPC). We process personal data only with a lawful basis, collect only what is necessary for the service provided, and handle all data in accordance with the NDPA's principles of purpose limitation, data minimisation, and accountability.

NDPA 2023 NDPC regulated Lawful basis processing
EU
GDPR-Aligned Practices
Framework alignment

For customers in the EU and UK, we apply GDPR-aligned data handling practices including consent-based processing, the right to access and erasure, and data minimisation. The NDPA 2023 is itself modelled on GDPR principles, meaning our Nigerian compliance obligations are substantially compatible with GDPR requirements. We do not currently hold GDPR certification but apply these principles in how we handle all customer data.

GDPR-aligned Consent-based Right to erasure
SEC
Security Controls
Current practice

Customer data is encrypted at rest using AES-256 and in transit using TLS 1.3. Each customer account is fully isolated from every other account, no data is shared across accounts. Access to production systems is limited to essential personnel only. We maintain incident response procedures and intend to complete an independent security audit as the company scales.

AES-256 at rest TLS 1.3 in transit Tenant isolation
AI
Responsible AI Use
Current practice

Your AI assistant only answers from the knowledge you upload. We do not use your customers' conversation data to train AI models. We do not use your business knowledge to train models that serve other customers. Every answer is grounded in your specific documents and policies. You retain full ownership and control of everything you upload and can delete it at any time.

No cross-tenant training Knowledge ownership Deletion on request
/02

What we have, what we are working toward.

We will update this section as certifications are completed. We do not claim certifications we have not earned.

SOC 2
SOC 2 Type II

We are building the security controls and documentation required for a SOC 2 Type II audit. We plan to engage an AICPA-accredited auditor when our control environment is audit-ready. We will publish the report date and auditor name when completed.

● In preparation
ISO
ISO 27001:2022

ISO 27001 certification is a future goal as AIDEVELOPIA scales its enterprise customer base. We apply ISO 27001-aligned information security management principles in our current operations and will pursue formal certification at the appropriate stage of growth.

● Future milestone
PHI
Healthcare Data

AIDEVELOPIA is not designed to store or process Protected Health Information (PHI) as defined under HIPAA. Healthcare organisations using our platform should limit the knowledge they upload to administrative, procedural, and publicly available policy documents. We do not offer a HIPAA Business Associate Agreement at this time.

● Not applicable
/03

How we handle your data.

Retention
Customer knowledge and conversation data is retained for the duration of the account. You may request deletion at any time and we will process it promptly.
Encryption
At rest via AES-256. In transit via TLS 1.3.
Subprocessors
We use a limited number of third-party services to operate the platform. View our subprocessors list.
Breach notice
We will notify affected customers within 72 hours of becoming aware of a confirmed data breach, as required by the NDPA 2023.
Cross-border
Where data is transferred outside Nigeria, we apply appropriate safeguards consistent with NDPA 2023 requirements and only use subprocessors who maintain adequate data protection standards.
/04

Your rights under NDPA 2023.

As a user or customer of AIDEVELOPIA, you have the following rights regarding your personal data under the Nigeria Data Protection Act 2023:

Right to be informed
We must tell you clearly what data we collect and why before we collect it.
Right to access
You can request a copy of the personal data we hold about you.
Right to correction
You can ask us to correct inaccurate data we hold about you.
Right to erasure
You can request deletion of your personal data. We will process requests promptly.
Right to object
You can object to how we process your data, including for marketing purposes.
Right to data portability
You can request your data in a portable, machine-readable format.

To exercise any of these rights, contact us at contact@aidevelopia.com. We will respond within the timeframes required by the NDPA 2023.

/05

What AIDEVELOPIA does not do with your data.

Six commitments. We hold ourselves to these.

01

We do not sell your data to third parties under any circumstances.

02

We do not use your customers' conversations to train AI models that serve other businesses.

03

We do not use your uploaded knowledge base to train models available to other tenants.

04

We do not share data between customer accounts. Every account is isolated.

05

We do not store or process Protected Health Information (PHI) as defined under HIPAA.

06

We do not retain your data after you close your account, unless required to by law.

/06

Changelog.

policy update history updated · March 2026
v1.1

Updated to reflect Nigeria Data Protection Act 2023 (NDPA) as primary applicable law. Removed unverified certification claims. Added data subject rights section and honest certification roadmap. (March 2026)

v1.0

Initial compliance page published outlining core data handling practices and security controls. (August 2025)

/07

Talk to us about your data protection requirements.

We are happy to answer specific questions about how we handle your data, discuss your compliance needs, or provide documentation to support your own compliance processes.

email us → contact form
related legal docs
terms of service privacy policy cookie policy cookie settings data subprocessors

This site uses cookies to enhance your experience, authenticate users, and analyze usage. Please see our Cookie Policy for more information.

Cookie Policy