Compliance

Baseflow is designed to help your organization meet regulatory requirements and maintain compliance with global data protection standards.

Last updated: February 1, 2026

Regulatory Compliance

We maintain compliance with major data protection regulations and industry standards.

Compliant

NDPR

Nigeria Data Protection Regulation

We comply with Nigeria's data protection regulation, ensuring proper handling of personal data for Nigerian users and businesses.

Compliant

GDPR

General Data Protection Regulation

Full compliance with EU data protection requirements, including data subject rights, consent management, and cross-border transfers.

Compliant

POPIA

Protection of Personal Information Act

Compliant with South Africa's data protection law, providing safeguards for personal information processing.

Certified

SOC 2 Type II

Service Organization Control 2

Independent verification of our security, availability, and confidentiality controls by certified auditors.

Compliant

E-Sign Laws

Electronic Signature Regulations

Our electronic signatures comply with the Nigerian Evidence Act, ECOWAS regulations, and international e-signature standards.

In Progress

ISO 27001

Information Security Management

Working towards ISO 27001 certification for our information security management system.

Compliance-Ready Features

Built-in tools and features to help you maintain compliance.

Data Residency Options

Choose where your data is stored. We offer regional data centers to meet local data residency requirements.

Audit Trail & Logging

Comprehensive audit logs capture every action, providing full traceability for compliance audits.

Data Export & Portability

Export your data in standard formats at any time. We support data portability requirements.

Consent Management

Built-in tools for managing consent, including cookie preferences and data processing agreements.

Retention Policies

Configure data retention periods to meet regulatory requirements and automatically purge expired data.

Access Controls

Granular permissions and role-based access ensure data is only accessible to authorized personnel.

Our Commitment to Compliance

At Baseflow, we understand that compliance is not just about checking boxes—it's about building trust with our customers and ensuring their data is handled responsibly. We continuously monitor regulatory developments and update our practices accordingly.

Data Protection Principles

We adhere to core data protection principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and are transparent about our practices.
  • Purpose Limitation: Data is collected for specific, explicit purposes and is not processed in ways incompatible with those purposes.
  • Data Minimization: We only collect data that is necessary for the stated purposes.
  • Accuracy: We take steps to ensure personal data is accurate and kept up to date.
  • Storage Limitation: Data is retained only as long as necessary for its purpose.
  • Integrity and Confidentiality: We implement appropriate security measures to protect data.

Electronic Signature Compliance

Our electronic signature capabilities are designed to comply with e-signature laws across multiple jurisdictions:

  • Nigeria: The Nigerian Evidence Act 2011 recognizes electronic signatures for most business transactions.
  • South Africa: Electronic Communications and Transactions Act (ECTA) provides legal recognition.
  • Kenya: Kenya Information and Communications Act supports electronic signatures.
  • Ghana: The Electronic Transactions Act provides a framework for e-signatures.
  • European Union: eIDAS Regulation for cross-border electronic transactions.
  • United States: ESIGN Act and UETA for domestic transactions.

Industry-Specific Compliance

We support compliance requirements across various industries:

  • Financial Services: Support for CBN regulations and financial data handling requirements.
  • Healthcare: Features to support health data protection requirements.
  • Legal: Audit trails and evidence preservation for legal validity.
  • Government: Support for public sector procurement and transparency requirements.

Data Processing Agreements

We offer Data Processing Agreements (DPAs) for customers who require them. Our DPA covers:

  • Nature and purpose of processing
  • Types of personal data processed
  • Duration of processing
  • Sub-processor management
  • Security measures
  • Data subject rights support
  • Cross-border transfer mechanisms

Sub-Processors

We carefully vet all sub-processors and maintain a list of approved vendors. Our sub-processors are contractually bound to provide the same level of data protection as Baseflow. Key sub-processors include:

  • Cloud infrastructure providers (hosting and storage)
  • Payment processors (Paystack, Flutterwave, Stripe)
  • Email service providers
  • Analytics services
  • Customer support tools

International Data Transfers

When transferring data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Data localization options for specific regulatory requirements

Compliance Documentation

Access our compliance documentation and certifications.

  • Data Processing Agreement: Standard DPA template (on request)
  • SOC 2 Report: Under NDA for customers (on request)
  • Security Whitepaper: Technical security overview (on request)
  • Sub-Processor List: Current approved vendors (on request)

Need Compliance Assistance?

Our compliance team is available to answer questions, provide documentation for vendor assessments, and help you meet your regulatory requirements.