Privacy Architecture (NDPA & Global Compliance)

Last Updated: July 2026

1. The Sovereign Standard

At ESERIA Systems Ltd., data privacy is not a bureaucratic afterthought; it is a structural guarantee. We engineer our ecosystem—including eseria.org, institute.eseria.org, citadel.eseria.org, and uncaved.eseria.org—to ensure absolute data sovereignty for our Fellows and enterprise partners. This architecture outlines how we collect, process, and protect your information in strict compliance with the Nigerian Data Protection Act (NDPA) 2023 and global privacy standards.

2. Data Controller vs. Data Processor

  • As a Controller: ESERIA Systems Ltd. acts as the Data Controller for the personal information you provide to create an account, purchase ESERIA Credits (ƩC), or enroll in the Citadel Vanguard Academy.
  • As a Processor: When you utilize data.Eseria or our institutional AI orchestration tools to process your own proprietary corporate data, ESERIA acts strictly as a Data Processor. You retain absolute ownership and control over your institutional datasets.

3. Telemetry & Information We Collect

To maintain our 10xB Architecture, we collect specific data points:

  • Identity & Financial: Names, professional emails, and billing history. (Note: Fiat payment processing is handled entirely by CBN-licensed, PCI-DSS compliant gateways. ESERIA does not store raw credit card numbers).
  • Structural Telemetry: Session states, CSRF tokens, and execution speeds required to maintain Next.js 15 routing and Django backend security.
  • Proof of Work: Code submissions, AI interactions, and quiz scores generated within the Citadel to populate the Uncaved registry.

4. The AI Sovereignty Guarantee

We deploy advanced Agentic AI (CrewAI/LangGraph) to accelerate your capacity. We guarantee that your proprietary code, corporate datasets, and private communications submitted to our AI tools are never used to train public foundational AI models (such as those by OpenAI, Google, or Anthropic). Your data remains siloed, secure, and sovereign.

5. Cross-Border Transfers & Sub-Processors

ESERIA operates globally from the Federal Capital Territory, Nigeria. To deliver high-availability edge rendering and unassailable infrastructure, we utilize Tier-1 global sub-processors, primarily Amazon Web Services (AWS) and Google Firebase. By using our platforms, you consent to the secure cross-border transfer of your data. All transfers are executed in strict accordance with NDPC guidelines, ensuring destination environments maintain adequate data protection laws and standard contractual clauses.

6. Data Subject Rights (NDPA 2023)

Under Nigerian law, you possess absolute rights over your digital identity. You have the right to:

  • Access & Portability: Request a cryptographic export of your personal data and Uncaved portfolio.
  • Rectification: Correct any inaccurate structural data on your profile.
  • Erasure (The Right to be Forgotten): Request the total deletion of your profile and historical data, overriding any platform retention, except where legally required for financial auditing.
  • Restrict Processing: Pause our processing of your data while an active audit or dispute is underway.

7. Data Protection Officer (DPO) & Regulatory Contact

We maintain a dedicated protocol for all privacy, compliance, and NDPC-related inquiries. To exercise your rights, report a vulnerability, or initiate a compliance audit, contact our Data Protection Officer directly:

  • Email: dpo@eseria.org
  • Physical Architecture: ESERIA Systems Ltd., Kubwa, Federal Capital Territory, Nigeria.

Regulatory Escalation: If you believe your data rights have been breached, you maintain the right to lodge a formal complaint with the Nigeria Data Protection Commission (NDPC).