NDPR & GDPR Compliant.
Residence is built to meet the most stringent data protection standards in Nigeria and internationally.
Our Framework
Compliance pillars
NDPR Compliance
Full compliance with the Nigeria Data Protection Regulation. We implement data protection by design and conduct regular Data Protection Impact Assessments (DPIA).
PCI DSS (via Paystack)
All payment processing is handled through Paystack, a PCI DSS Level 1 certified processor. We never store card details on our servers.
Data Encryption
AES-256 encryption at rest and TLS 1.3 in transit. All sensitive data is encrypted before storage and during transmission.
Access Control
Role-Based Access Control (RBAC) ensures users access only the data relevant to their role. All access is logged and auditable.
Certifications
Standards we follow
NDPR Registration
Registered with NITDA as a data controller
PCI DSS (Paystack)
Payment processing via certified provider
SOC 2 Type II
Security and availability controls audit
ISO 27001
Information security management certification
Security
Internal controls
Beyond compliance certifications, we implement rigorous internal controls to protect your data and ensure platform integrity.
Role-Based Access Controls (RBAC)
Granular permissions based on user roles and responsibilities.
Annual Staff Training
Mandatory privacy and security training for all employees.
Data Protection Impact Assessments
Regular DPIAs for new features and data processing activities.
Incident Response Plan
Documented procedures for security incident handling.
Vendor Due Diligence
Security assessment of all third-party service providers.
Regular Security Audits
Quarterly internal audits and annual third-party penetration tests.
"Compliance is not just a checkbox for us; it is the framework that allows us to build trust at scale in the Nigerian real estate market."
— Chief Legal Officer, Residence
FAQ
Compliance questions
How do you protect resident data?
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We implement strict access controls and conduct regular security audits.
Do you share data with third parties?
We only share data with service providers necessary for platform operation (e.g., Paystack for payments). We never sell or trade data.
How do you comply with NDPR?
We are registered with NITDA, conduct DPIAs, maintain data processing records, and have appointed a Data Protection Officer.
What happens to data when an estate leaves?
Upon termination, we export all estate data in a standard format and delete it from our systems within 90 days.
How do you handle security incidents?
We have a documented incident response plan. Affected parties are notified within 72 hours as required by NDPR.
Can residents request their data?
Yes. Residents can request access to, correction of, or deletion of their personal data through their estate administrator or by contacting us directly.
Data Residency
All resident data is stored on servers located in secure data centers. In compliance with the Nigeria Data Protection Regulation (NDPR), we implement strict data handling protocols and do not transfer personal data outside Nigeria without adequate protection measures.
Have compliance questions?
Our legal and compliance team is available to address any concerns about data protection and regulatory compliance.