Legal & Compliance

Legal Documentation & Compliance

NestFlow CRM is built with privacy and security at its core. Below you will find our full legal documentation: Privacy Policy, Terms of Service, Data Processing Agreement, and compliance overview.

Document version 1.0, 20 April 2026 · DOT (Digital Okonma Technologies Ltd.)

Regulatory Compliance

Compliance overview

Status of NestFlow CRM's compliance implementation across major regulatory frameworks.

Implemented
In Progress
Pending

GDPR / UK GDPR

EU / EEA / UK

3 Implemented · 4 In Progress · 1 Pending
  • Legal basis documented for each processing activity [Implemented]
  • Privacy Policy published and accessible [Pending]
  • Cookie consent banner (currently no tracking cookies) [Implemented]
  • Right to erasure endpoint implemented [In Progress]
  • Data portability export endpoint [In Progress]
  • DPAs with all sub-processors [In Progress]
  • International transfer SCCs in place [In Progress]
  • Privacy by design (DTOs, password select:false) [Implemented]

NDPA / NDPR

Nigeria

1 Implemented · 1 In Progress · 3 Pending
  • Lawful basis documented for all processing [Implemented]
  • Privacy notice published in plain language [Pending]
  • NITDA-registered DPCO appointed [Pending]
  • Cross-border transfer restrictions complied with [In Progress]
  • Annual data protection audit filed with NITDA [Pending]

CCPA / CPRA

California, USA

3 Implemented · 1 Pending
  • Data not sold to third parties [Implemented]
  • Privacy policy discloses categories of data [Implemented]
  • Third-party sharing disclosed [Implemented]
  • Consumer rights request process established [Pending]

PCI-DSS

Payment card data

3 Implemented · 1 Pending
  • Full card numbers never stored on NestFlow servers [Implemented]
  • Paystack server-side tokenisation [Implemented]
  • HTTPS enforced on all payment flows [Implemented]
  • Annual vulnerability scanning of payment endpoints [Pending]

Pre-Launch Gate

Security baseline checklist

All items below should be confirmed before launching the Service to production.

Security Controls
6 In Progress · 7 Pending
  • SEC-1: .env* files excluded from git; history audited [Pending]
  • SEC-2: All secrets rotated after any potential exposure [Pending]
  • SEC-3: JWT algorithm explicitly whitelisted (HS256; no none) [In Progress]
  • SEC-4: Rate limiting enabled on auth and AI endpoints [In Progress]
  • SEC-5: CORS restricted to production domain allowlist [In Progress]
  • SEC-6: Helmet middleware applied with security headers [In Progress]
  • SEC-7: Content Security Policy active on Next.js frontend [In Progress]
  • SEC-8: npm audit passes with no critical CVEs [Pending]
  • SEC-9: Penetration test by qualified third party [Pending]
  • SEC-12: Privacy Policy and Terms reviewed by legal counsel [Pending]
  • SEC-13: DPAs executed with all sub-processors [Pending]
  • SEC-14: security.txt published at /.well-known/security.txt [Pending]
  • SEC-15: GDPR/NDPR right-to-erasure endpoint live and tested [In Progress]

Contacts

Key contacts

Role | Name | Email | Phone
Data Protection Officer (DPO) | Jim Okonma | privacy@nest-flow-crm.xyz | +2349034572737
Chief Information Security Officer | [INSERT NAME] | security@nest-flow-crm.xyz | [INSERT]
Legal Counsel | [INSERT NAME / FIRM] | legal@nest-flow-crm.xyz | [INSERT]
Incident Response Lead | [INSERT NAME] | incidents@nest-flow-crm.xyz | [INSERT]
NITDA Contact (Nigeria) | NITDA | info@nitda.gov.ng | +234-9-2900-069

Document version 1.0, generated 20 April 2026 from the NestFlow CRM technical architecture.

This documentation reflects the application's data collection practices, third-party integrations (Paystack, Cloudinary, Resend, Meta WhatsApp, OpenAI), user roles, and security controls as of the date above.
