Privacy Policy

This policy applies to all users of the NDVS platform at id.lawsan.org, including students, coordinators, and administrators. It describes the personal data we collect, why we collect it, how we protect it, and your rights regarding that data.

By registering for or using the NDVS, you consent to the collection and processing of your personal data as described in this policy. This policy should be read together with our Terms & Conditions.

The data controller for the NDVS is the LAWSAN National Identity Commission (LANIC), operating under the authority of the Law Students’ Association of Nigeria (LAWSAN), 9th Administration.

• National Director: Candy Morenike Ejoh
• Deputy Director & Tech Lead: Mathias Bala
• Contact: lanic@lawsan.org

We collect the following categories of personal data when you register and use the NDVS:

We do not collect financial information, biometric data (beyond photographs), location data, or social media profiles.

We process your personal data for the following purposes:

• Membership verification — To verify that you are a bona fide law student at a Nigerian university and issue your LAWSAN Identification Number (LIN). Legal basis: Legitimate interest, consent.
• Platform operation — To provide account access, send transactional notifications (verification status, password resets), and maintain the integrity of the database. Legal basis: Performance of service, consent.
• Public verification — To allow third parties (event organisers, election committees, LAWSAN chapters) to verify your membership status using your LIN. Legal basis: Legitimate interest, consent.
• Analytics & reporting— To generate aggregate, anonymised statistics about LAWSAN’s membership (e.g. total verified members per zone). Individual records are never used in public-facing analytics. Legal basis: Legitimate interest.
• Audit & compliance — To maintain an immutable activity log for accountability and to detect fraudulent registrations. Legal basis: Legitimate interest, legal obligation.

We will never use your personal data for marketing, advertising, profiling, or any purpose unrelated to LAWSAN’s institutional operations.

Your data is stored securely using the following measures:

• Database: PostgreSQL database hosted on a secure, managed platform with encryption at rest and in transit (TLS/SSL).
• Documents: Uploaded files (student IDs, passport photos) are stored in Cloudflare R2 object storage with access-controlled URLs.
• Passwords:Stored using Django’s PBKDF2 hashing algorithm. We never store or transmit passwords in plain text.
• Access control: Role-based access ensures coordinators only see students within their assigned scope (zone or institution). Student documents are not accessible to the public.
• Authentication: JWT tokens with short-lived access tokens (15 minutes) and rotating refresh tokens.

While we implement industry-standard security measures, no system is 100% secure. If you suspect a data breach, contact us immediately at lanic@lawsan.org.

We do not sell, rent, or trade your personal data. We may share data with:

• LANIC Coordinators — Zonal Directors and Campus Directors can view student registrations within their scope for verification purposes.
• LAWSAN National Executive Council (NEC) — NEC administrators may access aggregate data and individual records for official LAWSAN business.
• Infrastructure providers — Our hosting, database, and email providers process data on our behalf under strict data processing agreements. These include Railway, Neon, Cloudflare, and Brevo.
• Legal requirements — We may disclose data if required by Nigerian law, a court order, or a regulatory authority.

We will never share your personal data with commercial third parties, advertisers, or data brokers.

The NDVS provides a public verification endpoint that allows anyone to confirm a member’s status using their LIN. The public verification response includes:

• Full name
• Institution
• Level
• Passport photo (if uploaded)
• Verification date

The following data is never exposed through public verification:

• Email address
• Phone number
• Matric number
• Date of birth
• Student ID document

This design ensures that verification is possible without compromising your private information.

We retain your data as follows:

• Active accounts: Data is retained for as long as your account is active and your LIN is valid.
• LIN records: LINs are permanent institutional records and are retained indefinitely, even after graduation. This is necessary for the integrity of the database as a historical record of LAWSAN membership.
• Verification documents: Student ID documents and passport photos may be deleted upon request after verification is complete, as they have served their purpose.
• Activity logs: Audit logs are retained indefinitely for accountability and compliance purposes.
• Deleted accounts: If you request account deletion, personally identifiable data (email, phone, date of birth) will be anonymised or deleted within 30 days. Your LIN record will be retained in anonymised form.

Under the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR), you have the following rights:

• Right of access — You may request a copy of the personal data we hold about you.
• Right to rectification — You may request correction of inaccurate or incomplete data.
• Right to erasure — You may request deletion of your personal data, subject to legitimate retention requirements (e.g. LIN records for institutional continuity).
• Right to data portability — You may request your data in a structured, commonly used format.
• Right to object — You may object to certain processing of your data based on legitimate interest.
• Right to withdraw consent — Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at lanic@lawsan.org. We will respond within 30 days.

The NDVS does not use third-party cookies or tracking technologies. We use browser local storage solely to maintain your authentication session (JWT tokens). This data is:

• Stored only on your device.
• Not transmitted to any third party.
• Automatically cleared when you sign out.

The NDVS is intended for undergraduate law students, who are typically 16 years of age or older. We do not knowingly collect data from children under 16. If you believe a child under 16 has registered, please contact us so we can take appropriate action.

Your data may be processed by infrastructure providers located outside Nigeria (e.g. cloud hosting, email delivery). In such cases, we ensure that appropriate safeguards are in place, including data processing agreements that require the recipient to protect your data to a standard equivalent to the NDPA/NDPR.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

Your continued use of the NDVS after changes are published constitutes acceptance of the revised policy.

If you have questions, concerns, or complaints about this Privacy Policy or the processing of your personal data, contact:

• LANIC National Office: lanic@lawsan.org

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).