Compliance
Summary
TaveStack is engineered to meet the regulatory baseline of every market we operate in — and to give your compliance team audit-ready evidence on demand.
NDPR (Nigeria Data Protection Regulation)
We are NDPR-compliant in our handling of personal data. Data Subject Access Requests are processed via dpo@tavestack.com. Annual NDPR audit reports are filed with the NDPC by our DPO.
GDPR (EU)
We act as a Data Processor under GDPR for EU-resident customers. Standard Contractual Clauses are signed with all sub-processors. EU customers can request a Data Processing Agreement (DPA) at any time.
SOC 2 Type II
TaveStack maintains SOC 2 Type II certification covering Security, Availability, and Confidentiality. The most recent report is available to customers under NDA.
ISO 27001 (in progress)
ISO 27001 certification is on the 2026 roadmap. The gap assessment is complete and remediation is underway. Certificate target: Q4 2026.
PCI DSS
TaveStack does not store card data. Payment integrations (Paystack, Flutterwave, Stripe) handle PCI scope on our behalf. We maintain SAQ-A scope where applicable.
CBN Data Governance Guidelines
Financial Services customers operating under CBN supervision can enable in-country data residency, regulator-friendly logging, and statutory reporting templates.
Audit and Evidence Packs
Enterprise customers receive on-demand evidence packs (control matrix, sub-processor list, security questionnaire responses) through the Trust Center.
Trust Center
trust.tavestack.com publishes our certifications, sub-processor list, security whitepaper, status page, and data residency options. Bookmark it for vendor reviews.