About ZevOP¶
Legal entity¶
ZevOP Technologies Limited — a Nigerian company. Every Zev product is operated under this single legal entity. References to "Zev" elsewhere in this site or on user-facing surfaces mean the brand / product family; the legal-entity column on every contract, DPA, regulatory filing, and user-facing privacy notice is ZevOP Technologies Limited.
What ZevOP builds¶
ZevOP operates an ecosystem of products that share a single identity layer and a single set of operational controls. The shape is one company, one identity, many products — a user signs up once, MFA-enrols once, and accesses every product through that single account.
| Product | What it does | Status |
|---|---|---|
| ZevID | The identity provider. Centralised user accounts, MFA, cross-product permissions. Lives at accounts.zevop.com. Not a consumer product on its own — every other Zev product authenticates through it. |
Live |
| ZevPay | Payments. Personal and business accounts, wallets, transfers, KYC for financial regulation. | Live |
| ZevCommerce | Merchant platform. Storefronts, catalogues, orders; integrates ZevPay for collections. | Live |
| ZevCloud | Developer cloud. App / container / deployment hosting. | Live |
| ZevWorkspace | Organisation collaboration. Teams, documents, workspace tooling. | Live |
Each product has its own profile in this site. Drill in from the Products nav on the left.
How the products relate¶
Every Zev product depends on ZevID for authentication, MFA, and identity state. Cross-product communication uses ZPIP (the Zev Product Integration Protocol) — a tokenised, scope-bound, audience-bound protocol for one Zev product to act on a user's behalf in another.
Two flavours of ZPIP exist:
- Service-only — generic ecosystem utilities that don't act on a specific user's behalf (e.g. ZevPay's bank-name lookup used by other products).
- Service + user (consent-gated) — a product acts on a specific user's behalf for a specific scope. The user grants consent on
accounts.zevop.comvia an OAuth-style consent screen.
The full protocol specification is on the compliance site: ZPIP overview.
Account-creation model¶
A user signing up at any one Zev product gets:
- A ZevID account (centrally — identity, credentials, MFA).
- An enrollment row for that specific product (the product the user actually signed up at).
ZevID accounts are never auto-created at other products. Each product's enrollment is consent-gated and only happens when the user visits that product and signs up explicitly. A single ZevID account may have zero, one, or several active product enrollments.
Regulatory positioning¶
- Nigeria Data Protection Act (NDPA), 2023 — the primary obligation as a Nigerian data controller. Applies to every product.
- NDPC General Application and Implementation Directive (GAID), 2025 — the implementing regulation. Sets the 72-hour breach-notification clock, DPO designation requirement, and the RoPA structure.
- Central Bank of Nigeria (CBN) regulations — apply to ZevPay (the licensed financial product).
- Card-scheme rules (PCI-DSS) — apply where ZevPay touches cardholder data.
The detailed regulatory record (RoPA, third-party DPAs, retention rules, breach response, subject-rights procedure) is maintained on the compliance site at compliance.zevop.com.
Governance¶
- Data Protection Officer: Izunna Ikewete —
dpo@zevop.com. Designated under NDPC GAID. Owns the DPO mailbox, regulator liaison, and the compliance site. - Security contact:
security@zevop.com.
What this site is NOT¶
- Not a marketing site.
zevop.comhandles public product positioning. - Not the data-protection record.
compliance.zevop.comhandles that — with full RoPA, third-party DPAs, retention rules, and breach-response runbooks. - Not engineering documentation. Each product repo has its own
docs/directory.