Compliance

Evodira is built for accountability — ours and yours.

Our Compliance Philosophy

We operate at the intersection of AI, personal data, and commercial trust decisions that can materially affect a merchant's livelihood. That demands higher standards — not just technical compliance but genuine accountability.

  • All high-impact AI decisions require human confirmation.
  • Every data access and model inference is logged in an immutable audit trail.
  • Merchants have the right to request human review of any automated score.
  • We publish model cards for every AI model family in production.

Standards & Certifications

  • NDPR 2023 (Nigeria Data Protection Regulation): Compliant. Data subject rights, breach notification, lawful basis, cross-border transfer safeguards.
  • GDPR (EU General Data Protection Regulation): Compliant. Standard Contractual Clauses for EU data subjects; DPO appointed; Article 35 DPIA completed.
  • ISO 27001 (Information Security Management): In progress. Certification audit scheduled Q3 2026. Controls gap assessment complete.
  • SOC 2 Type II (Service Organization Control): In progress. Observation period begins Q3 2026.
  • NAFDAC Guidelines (National Agency for Food & Drug Administration): Aligned. Evidence categories and inspection checklists aligned to NAFDAC food-safety requirements.
  • PCI DSS (Payment Card Industry Data Security Standard): Not applicable. Evodira does not process, store, or transmit payment card data.

Security Controls

  • Encryption — AES-256 at rest; TLS 1.3 in transit.
  • Access — RBAC with MFA; least-privilege principle; quarterly access reviews.
  • Network — VPC isolation; WAF; DDoS protection on all public endpoints.
  • Vulnerability management — continuous SAST/DAST; annual third-party pentest.
  • Incident response — documented IR playbook; 72-hour breach notification to NDPC.
  • Business continuity — 99.9% uptime SLA; RTO 4 h; RPO 1 h; daily encrypted backups.

Security Reports & DPA

Customers on Business and Enterprise plans can request:

  • Latest pentest executive summary (under NDA).
  • SOC 2 report (available Q4 2026).
  • Signed Data Processing Agreement.
  • Sub-processor list.

Request via security@evodira.com.