Compliance and Trust

Privacy, Security, and Data Protection

How AIDEVELOPIA handles your data, what frameworks guide our security practices, and what we are working toward as we grow.

Updated · March 2026

Our commitment

We are transparent about where we are. We apply real data privacy controls and security practices, we are honest about what we have certified and what we are working toward, and we never claim compliance we have not earned.

Legal frameworks

What laws apply to AIDEVELOPIA and how we meet them.

Nigeria Data Protection Act 2023

Applicable law

AIDEVELOPIA is registered with the Nigerian CAC and is subject to the NDPA 2023, enforced by the Nigeria Data Protection Commission (NDPC). We process personal data only with a lawful basis, collect only what is necessary for the service provided, and handle all data in accordance with the NDPA's principles of purpose limitation, data minimisation, and accountability.

NDPA 2023 · NDPC regulated · Lawful basis processing

GDPR-Aligned Practices

Framework alignment

For customers in the EU and UK, we apply GDPR-aligned data handling practices including consent-based processing, the right to access and erasure, and data minimisation. The NDPA 2023 is itself modelled on GDPR principles, meaning our Nigerian compliance obligations are substantially compatible with GDPR requirements. We do not currently hold GDPR certification but apply these principles in how we handle all customer data.

GDPR-aligned · Consent-based · Right to erasure

Security Controls

Current practice

Customer data is encrypted at rest using AES-256 and in transit using TLS 1.3. Each customer account is fully isolated from every other account — no data is shared across accounts. Access to production systems is limited to essential personnel only. We maintain incident response procedures and intend to complete an independent security audit as the company scales.

AES-256 at rest · TLS 1.3 in transit · Tenant isolation

Responsible AI Use

Current practice

Your AI assistant only answers from the knowledge you upload. We do not use your customers' conversation data to train AI models. We do not use your business knowledge to train models that serve other customers. Every answer is grounded in your specific documents and policies. You retain full ownership and control of everything you upload and can delete it at any time.

No cross-tenant training · Knowledge ownership · Deletion on request

Certification roadmap

What we have, what we are working toward.

We will update this section as certifications are completed. We do not claim certifications we have not earned.

SOC 2 Type II

On the roadmap

We are building the security controls and documentation required for a SOC 2 Type II audit. We plan to engage an AICPA-accredited auditor when our control environment is audit-ready. We will publish the report date and auditor name when completed.

In preparation

ISO 27001:2022

On the roadmap

ISO 27001 certification is a future goal as AIDEVELOPIA scales its enterprise customer base. We apply ISO 27001-aligned information security management principles in our current operations and will pursue formal certification at the appropriate stage of growth.

Future milestone

Healthcare Data

Our position

AIDEVELOPIA is not designed to store or process Protected Health Information (PHI) as defined under HIPAA. Healthcare organisations using our platform should limit the knowledge they upload to administrative, procedural, and publicly available policy documents. We do not offer a HIPAA Business Associate Agreement at this time.

Not applicable

Data practices

How we handle your data.

Data handling

Retention
Customer knowledge and conversation data is retained for the duration of the account. You may request deletion at any time and we will process it promptly.
Encryption
At rest via AES-256. In transit via TLS 1.3.
Subprocessors
We use a limited number of third-party services to operate the platform. View our subprocessors list.
Breach notice
We will notify affected customers within 72 hours of becoming aware of a confirmed data breach, as required by the NDPA 2023.
Cross-border
Where data is transferred outside Nigeria, we apply appropriate safeguards consistent with NDPA 2023 requirements and only use subprocessors who maintain adequate data protection standards.

Your rights under NDPA 2023

As a user or customer of AIDEVELOPIA, you have the following rights regarding your personal data under the Nigeria Data Protection Act 2023:

Right to be informed

We must tell you clearly what data we collect and why before we collect it.

Right to access

You can request a copy of the personal data we hold about you.

Right to correction

You can ask us to correct inaccurate data we hold about you.

Right to erasure

You can request deletion of your personal data. We will process requests promptly.

Right to object

You can object to how we process your data, including for marketing purposes.

Right to data portability

You can request your data in a portable, machine-readable format.

To exercise any of these rights, contact us at contact@aidevelopia.com. We will respond within the timeframes required by the NDPA 2023.

Clear limits

What AIDEVELOPIA does not do with your data.

Our commitments
  • We do not sell your data to third parties under any circumstances.
  • We do not use your customers' conversations to train AI models that serve other businesses.
  • We do not use your uploaded knowledge base to train models available to other tenants.
  • We do not share data between customer accounts. Every account is isolated.
  • We do not store or process Protected Health Information (PHI) as defined under HIPAA.
  • We do not retain your data after you close your account, unless required to by law.

Changelog

Policy update history

Last updated · March 2026
  • v1.1

    Updated to reflect Nigeria Data Protection Act 2023 (NDPA) as primary applicable law. Removed unverified certification claims. Added data subject rights section and honest certification roadmap. (March 2026)

  • v1.0

    Initial compliance page published outlining core data handling practices and security controls. (August 2025)

Questions about compliance?

Talk to us about your data protection requirements.

We are happy to answer specific questions about how we handle your data, discuss your compliance needs, or provide documentation to support your own compliance processes.