Back to Safety

Privacy Protocol

Last Updated: February 2026 | Version 2.1 (Institutional Grade)

1. Strategic Commitment to Data Sovereignty

At VectraServe, we treat privacy as a fundamental engineering requirement, not a legal afterthought. This Privacy Protocol outlines our clinical approach to the collection, processing, and protection of institutional and student data. Our commitment to **Data Sovereignty** means that while we provide the infrastructure to host your curriculum and records, the ownership of that data remains exclusively with your institution.

We operate in full compliance with the **Nigeria Data Protection Regulation (NDPR)** and global data security standards. Our architecture is designed to prevent co-mingling of data, ensuring that each academy operates within its own logical silo.

2. Data Acquisition & Processing Logic

We acquire data through three primary vectors: institutional onboarding, student enrollment, and system-level interactions.

  • A

    Institutional Data: Academy names, branding assets, financial sub-account IDs (via Paystack), and curriculum metadata required to power your workspace.

  • B

    Learner Identity Data: Names, verified email addresses, professional license numbers (where applicable for HSE/Medical programs), and cryptographic identifiers for certificate issuance.

  • C

    Transactional Logs: To ensure payout sovereignty, we log transaction success signals from our payment gateway partners. VectraServe does not store primary cardholder data (PAN) or CVVs on its servers.

3. The Vault: Technical Safeguards

All data is housed within our **Institutional Records Vault**, protected by multiple layers of encryption.

Encryption at Rest

Utilizing AES-256 protocols to ensure that even in the event of physical infrastructure compromise, your data remains unreadable.

Data Residency

Aligning with NDPR mandates, we prioritize regional data residency, ensuring that Nigerian institutional data is processed with respect to national jurisdiction.

4. Rights of the Learner (Data Subjects)

Under the NDPR framework, every student on our platform retains the right to:

  • Request access to their historical learning and certification records.
  • Request the correction of inaccurate personal identifiers.
  • Exercise their "Right to be Forgotten," resulting in the deletion of their profile, provided it does not conflict with institutional record-keeping mandates.
  • Withdraw consent for marketing communications without losing access to their paid curriculum.

5. Information Dissemination

VectraServe will never sell, lease, or monetize your personal or institutional data to third-party advertisers. Data is only shared with trusted subprocessors (e.g., Paystack for payments, Resend for transactional email) essential to the delivery of our services. In cases of legal mandate by authorized Nigerian regulators, we will comply only with verified and lawful requests that meet the threshold of due process.

For inquiries regarding this protocol or to exercise your rights under NDPR, contact our Data Protection Officer at privacy@vectraserve.com.