Privacy Policy

1. Introduction

Vendoh Limited ("Company," "we," "us," "our," or "Vendoh") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Services").

Vendoh is a Nigerian services marketplace that connects clients seeking local services with verified service vendors. We operate in accordance with the Nigeria Data Protection Regulation 2019 (NDPR) and the Nigeria Data Protection Act 2023 (NDPA), under the supervision of the National Information Technology Development Agency (NITDA).

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services. By accessing or using Vendoh, you acknowledge that you have read, understood, and agree to be bound by all provisions of this Privacy Policy.

2. Data Controller Information

Data Controller:

Name: Vendoh Limited
Registered Address: Lagos, Nigeria
Registration Number: [Company Registration Number]
Email: privacy@vendoh.com
Data Protection Officer: [DPO Name and Contact]
Contact for Data Protection Requests: dpo@vendoh.com

The Data Protection Officer is responsible for overseeing our data protection compliance and can be contacted for any data protection matters, exercising your rights, or lodging complaints.

3. Scope and Applicability

This Privacy Policy applies to:

The Vendoh mobile application (available on iOS and Android)
The Vendoh website (www.vendoh.com)
All associated services, features, and functionalities
All users of the platform, including clients and vendors

This Policy does not apply to third-party websites, applications, or services that may link to or from Vendoh, even if we provide those links. We are not responsible for the privacy practices of third parties.

4. Information We Collect

We collect personal data in the following categories:

4.1 Information You Provide Directly

Account Registration Information:

Full name
Email address
Phone number (Nigerian format: +234)
Password (encrypted)
Profile photo or avatar
Date of birth

Profile and Identification Information:

Residential or business address
Profile bio or service description
Service categories and specializations
Language preferences
Preferred communication methods

Vendor Verification Data:

National Identification Number (NIN)
Driver's license number or other government-issued ID
Utility bills (electricity, water, gas bills)
Bank account information for payouts
Professional certifications or licenses
Proof of business registration (for vendors)
Photographs for identity verification
Video verification or selfies with ID

Service Information:

Service descriptions and pricing
Service availability and schedules
Service area and locations served
Service ratings and reviews
Portfolio or work samples

Payment Information:

Payment method details (for clients paying for services)
Transaction history and billing addresses
Invoices and receipts
Payment preferences

Communication Data:

In-app messages between clients and vendors
Chat history and conversation content
Call logs (if voice calling feature is enabled)
Support tickets and correspondence
Feedback and complaint submissions

Booking and Service Data:

Service requests and booking details
Service locations and addresses
Scheduled date and time
Service duration and completion status
Special instructions or preferences

4.2 Information Collected Automatically

Location Data:

GPS coordinates (with permission)
Precise or approximate location
Geolocation history during service sessions
Manually entered address information

Device Information:

Device type and model
Operating system and version
Unique device identifier (UDID)
Mobile advertising identifier
IP address
Device settings

App Usage Data:

Features accessed and functionality used
Pages or screens viewed
Time spent on the app
Clicks, searches, and interactions
User interface navigation patterns
Crash reports and error logs

Voice Data:

Voice recordings when using voice command or voice search features
Speech-to-text conversions processed by OpenAI Whisper
Support for Nigerian English and Nigerian Pidgin
Voice interaction logs

Analytics Data:

Session duration and frequency
User behavior and engagement metrics
In-app search queries
Feature adoption and usage statistics

Cookies and Similar Technologies:

Session cookies (temporary, deleted when browser closes)
Persistent cookies (stored on device for future visits)
Web beacons and pixels
Local storage data
Analytics identifiers

4.3 Information from Third Parties

Payment Processors:

Transaction confirmations from OPay and Monnify
Payment status and authorization data
Limited personal data necessary for payment processing

Verification Services:

Identity verification results from third-party verification providers
Background check results (for vendors)
Document authentication status

Cloud Infrastructure:

Log data from Supabase servers
Database access logs
API usage statistics

Other Users:

Reviews and ratings submitted by clients about vendors
Service completion confirmations
Dispute or complaint information

5. Legal Basis for Processing Personal Data

We process your personal data only when we have a lawful legal basis to do so under the NDPR and NDPA. Our legal bases include:

Consent is obtained when you explicitly agree to our terms and conditions
Separate consent is obtained for optional processing activities (marketing, analytics)
Consent is voluntary, specific, informed, and given as a clear affirmative action
You may withdraw consent at any time by contacting our DPO

5.2 Contractual Necessity

Processing is necessary to establish and perform a contract with you
Processing is required to create your account
Processing is necessary to facilitate bookings and service provision
Processing is required to process payments and issue invoices

5.3 Legitimate Interests

Fraud prevention and security
Platform integrity and abuse prevention
Service improvement and optimization
Marketing and service announcements (where not requiring specific consent)
Legal compliance and rights enforcement
Vendor verification to ensure service quality
Safety of the Vendoh community

5.4 Legal Obligation

Compliance with NDPR, NDPA, and other Nigerian laws
Tax and financial reporting obligations
Law enforcement requests and investigations
Court orders and legal proceedings

5.5 Vital Interests

Protection of human life and health (in emergency situations)
Safety of users and the general public

6. How We Use Your Information

We use the personal data we collect for the following purposes:

6.1 Service Provision and Account Management

Creating and maintaining your Vendoh account
Verifying your identity and credentials
Processing service requests and bookings
Matching clients with appropriate vendors based on location and services
Enabling communication between clients and vendors
Processing payments and issuing refunds
Providing customer support and resolving disputes
Sending service-related updates and confirmations

6.2 Vendor Verification and Quality Assurance

Verifying vendor identity using government-issued identification
Authenticating vendor credentials and qualifications
Conducting background checks where permitted
Monitoring service quality through reviews and ratings
Investigating complaints and ensuring platform compliance
Suspending or removing vendors who violate platform policies

6.3 Personalization and Recommendations

Personalizing your Vendoh experience
Generating service recommendations based on your preferences and search history
Customizing content and features to your location and service interests
Storing your service preferences and saved vendors

6.4 Safety, Security, and Fraud Prevention

Detecting and preventing fraudulent transactions
Identifying and preventing unauthorized access
Monitoring suspicious activity and abuse
Enforcing our Terms of Service and other agreements
Protecting against security threats and malicious activity
Conducting security audits and vulnerability assessments

6.5 Communication and Notifications

Sending booking confirmations and service updates
Notifying you of service status changes
Sending promotional offers and new service announcements
Responding to your inquiries and support requests
Sending transactional emails (receipts, invoices, password resets)

6.6 Analytics and Improvement

Analyzing user behavior and platform usage patterns
Identifying trends and areas for improvement
Testing new features and functionality
Measuring the effectiveness of our marketing efforts
Generating statistical reports (anonymized and aggregated)
Optimizing app performance and user experience

6.7 Legal Compliance and Rights Enforcement

Complying with legal obligations under Nigerian law
Responding to law enforcement requests
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Vendoh, users, and the public
Establishing, exercising, or defending legal claims
Resolving disputes and complaints

6.8 Research and Development

Developing new features and services
Conducting market research
Improving our platform's functionality and security
Training AI and machine learning models (using anonymized data)
Voice AI optimization for Nigerian English and Pidgin

We may share your personal data in the following circumstances:

7.1 Between Clients and Vendors

Clients' names, phone numbers, and service location are shared with vendors when a booking is confirmed
Vendors' names, ratings, and service details are shared with clients during service search and booking
In-app messaging allows direct communication; message content is visible to both parties
Service addresses and locations are shared as necessary to provide the service

7.2 Payment Processors

OPay: Transaction data, phone number, and limited personal information necessary to process payments
Monnify: Similar payment data for payment processing and settlement
Note: We do not store credit card details; payment processors handle this information according to their own privacy policies and security standards

7.3 Cloud Infrastructure and Service Providers

Supabase: All user data (profiles, bookings, messages, verification data) is stored on Supabase servers
Supabase is our Database, Authentication, and Storage provider
Supabase may host servers outside Nigeria, resulting in international data transfer
Data is encrypted in transit and at rest

7.4 Verification and Identity Services

National identification data and documents are shared with third-party verification services to authenticate vendor identity
These services may store verification results for fraud prevention
We select verification partners who comply with data protection standards

7.5 Customer Support and Analytics

Limited data may be shared with customer support platforms and ticketing systems
Aggregated and anonymized analytics data is shared with analytics providers
This data cannot identify individuals

7.6 Law Enforcement and Legal Requirements

Personal data may be disclosed to law enforcement agencies, courts, and government authorities when:
- Required by law, court order, or legal process
- Necessary to protect safety, prevent crime, or investigate illegal activities
- Required for national security purposes
We will provide notice of such disclosures unless legally prohibited

7.7 Business Transfers

In the event of merger, acquisition, bankruptcy, or sale of assets:
- Your personal data may be transferred as part of that business transaction
- We will provide notice and choice regarding such transfers where required
- The acquiring entity must commit to similar data protection standards

7.8 Aggregated and Anonymized Data

We may share aggregated, de-identified data for research, marketing, analytics, and other purposes
This data cannot identify you personally

7.9 Service Improvements and Third-Party Integrations

We may share data with third-party service providers who assist us in:
- Sending emails and notifications
- Hosting and maintaining our infrastructure
- Providing analytics and reporting
- Conducting customer surveys and research
These providers are contractually bound to use data only for specified purposes

8. Data Retention

We retain personal data only for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy. Retention periods are based on:

8.1 Active Accounts

Account information: Retained for the duration of your account and for 2 years after account closure (for legal and compliance purposes)
Profile and verification data: Retained while your account is active; vendor verification data retained for 3 years after vendor exit for compliance and dispute resolution

8.2 Transaction and Booking Data

Booking and service records: Retained for 5 years for tax, accounting, and legal purposes
Payment records and invoices: Retained for 7 years as required by Nigerian tax law
Transaction logs: Retained for 5 years for fraud prevention and dispute resolution

8.3 Communication Data

Chat messages: Retained for the duration of the booking and 1 year thereafter
Support tickets: Retained for 2 years after resolution
Email correspondence: Retained for 3 years or as required by law

8.4 Location Data

GPS and geolocation data: Deleted 30 days after service completion
Location history: Deleted upon user request or account deletion
Manual address entries: Retained as part of booking records per retention schedules above

8.5 Voice Data

Voice recordings: Deleted within 30 days after processing by OpenAI Whisper
Transcripts: Retained according to communication data retention schedule (1 year after service)

8.6 Device and Analytics Data

Device identifiers: Retained for 12 months
IP addresses: Retained for 90 days
Analytics logs: Retained for 12 months (aggregated data retained indefinitely)
Cookies: Session cookies deleted upon browser close; persistent cookies deleted after 12 months of inactivity

8.7 Verification and Identity Data

Vendor NIN and identification: Retained for 3 years after vendor account closure
Background checks: Retained for 3 years
Utility bills and supporting documents: Deleted 90 days after verification completion (unless required for dispute resolution)

8.8 Aggregated Data

Anonymized and aggregated data: Retained indefinitely (cannot identify individuals)

When data is no longer needed, we securely delete or anonymize it, except where:

Longer retention is required by law
Legal claims or disputes are pending
Retention is necessary for fraud prevention or security

Users may request deletion of their personal data subject to legal and contractual obligations (see Section 10 - Your Rights).

9. Data Security Measures

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, and destruction:

9.1 Technical Security Measures

Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
Encryption at Rest: Sensitive data stored in databases is encrypted using AES-256 encryption
Password Security: Passwords are hashed using industry-standard algorithms (bcrypt); we never store plain-text passwords
API Security: Access to our APIs requires authentication tokens; rate limiting prevents brute-force attacks
Database Security: Database access is restricted to authorized systems; unused services are disabled

9.2 Access Controls

Role-Based Access Control (RBAC): Employees only access data necessary for their roles
Principle of Least Privilege: Staff are granted minimum necessary permissions
Access Logs: All database access is logged and monitored for unusual activity
Two-Factor Authentication (2FA): Staff accounts with access to sensitive data use 2FA

9.3 Organizational Security Measures

Data Protection Training: All staff receive annual data protection and security training
Background Checks: Staff with access to personal data undergo background checks
Confidentiality Agreements: All employees and contractors sign confidentiality agreements
Vendor Agreements: Third-party service providers sign Data Processing Agreements (DPA) ensuring compliance

9.4 Incident Response and Breach Notification

Incident Response Plan: We have a documented plan to respond to data breaches
Breach Notification: In the event of a data breach, we will notify affected individuals and NITDA as required by NDPR
Documentation: We maintain records of all data processing activities and incidents

9.5 Physical Security

Server Security: Servers hosting Supabase infrastructure are protected by physical security measures
Facility Access: Access to our offices is restricted to authorized personnel
Secure Disposal: Paper documents containing personal data are securely shredded

9.6 Network Security

Firewalls and Intrusion Detection: Network firewalls and intrusion detection systems monitor suspicious activity
DDoS Protection: We employ DDoS mitigation to protect against denial-of-service attacks
Regular Security Audits: We conduct regular security assessments and penetration testing

Important Note: No security measures are 100% effective. While we strive to protect your data, we cannot guarantee absolute security. You use Vendoh at your own risk.

10. Your Rights Under NDPR and NDPA

You have the following rights regarding your personal data. To exercise these rights, contact our Data Protection Officer at dpo@vendoh.com or through the settings in your Vendoh account:

10.1 Right of Access

You have the right to obtain confirmation of whether we process your personal data
You can request a copy of your personal data in a structured, commonly used format
We will provide this information free of charge within 30 days of your request
Additional copies may be subject to reasonable fees

10.2 Right to Rectification

You have the right to correct inaccurate, incomplete, or outdated personal data
You can update your information directly in your Vendoh account settings
You can request corrections through our support system or DPO
We will correct data and notify relevant third parties within 30 days where practicable

10.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data if:
- The data is no longer necessary for the purposes collected
- You withdraw consent and no other legal basis exists
- You object to processing and no compelling legitimate interest exists
- The data was processed unlawfully
- Deletion is required by law
We may decline deletion if:
- Data is necessary to fulfill contractual obligations
- Data must be retained for legal compliance (tax, dispute resolution)
- Data is necessary for fraud prevention or security
- Deletion would harm others' rights and freedoms
We will respond within 30 days and explain any reasons for refusing deletion

10.4 Right to Restrict Processing

You can request that we limit processing of your data to:
- Storage only (while accuracy or legality is contested)
- Specific purposes only
- Legitimate use for legal claims
During the restriction period, we will not use the data except as necessary
We will notify you before lifting restrictions

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON)
You can transmit this data to another service provider
This applies to data you provided and data generated from your activity
We will provide data within 30 days at no cost

10.6 Right to Object

You have the right to object to processing of your personal data:
- For direct marketing (promotional emails, SMS, push notifications)
- For analytics and profiling
- For legitimate interest processing (except where necessary for legal obligations)
We will stop processing within 30 days unless we demonstrate compelling legitimate interests
You can object through account settings or by contacting our DPO

You have the right to opt-out of decisions based solely on automated processing
You can request human review of automated decisions that significantly affect you
We will ensure meaningful human involvement in such decisions

Where we process data based on consent, you can withdraw that consent at any time
Withdrawal does not affect past processing; ongoing processing will cease
Withdrawal may affect your ability to use certain features of Vendoh
Contact our DPO to withdraw consent

10.9 Right to Lodge a Complaint

You have the right to lodge a complaint with NITDA if you believe we have violated your data protection rights
NITDA Contact:
- Address: Plot 17A, Akinjide Oshuntuyi Avenue, Durumi District, Abuja
- Email: [NITDA Email]
- Phone: [NITDA Phone]
- Website: www.nitda.gov.ng

10.10 How to Exercise Your Rights

To exercise any of the above rights:

Submit a written request to our Data Protection Officer at dpo@vendoh.com
Include your name, email, phone, and a clear description of your request
Provide any relevant supporting documentation
We will respond within 30 days
If needed, we may request verification of your identity before processing your request
We will not charge fees unless requests are frivolous or excessive

11. Children's Privacy

Vendoh is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If we discover that we have collected data from a child under 18, we will delete that data immediately.

We do not offer services to children under 18
Service providers (vendors) must be at least 18 years old
Parents or guardians should not allow children to use Vendoh
If you believe a child's data has been collected, please contact us immediately at privacy@vendoh.com

12. Cross-Border Data Transfers

Vendoh operates in Nigeria; however, your personal data may be transferred to and processed in countries outside Nigeria, including:

12.1 Cloud Infrastructure (Supabase)

Supabase servers may be located outside Nigeria (including the European Union and other jurisdictions)
Your data may be stored, processed, and accessed by Supabase systems and staff in multiple countries
Supabase complies with GDPR, CCPA, and other international data protection standards
Data is encrypted in transit and at rest

12.2 Payment Processors

OPay and Monnify may process transaction data in their respective operational locations
These processors have their own privacy policies and security standards
We ensure they comply with international data protection standards

12.3 Verification Services

Third-party verification services may be located in different countries
These services process data according to their own privacy policies

12.4 Legal Basis for International Transfers

We transfer data based on:
- Your consent
- Contractual necessity (to fulfill bookings and payments)
- Adequacy determinations (where recipient countries meet NDPR standards)
- Standard contractual clauses (Data Processing Agreements)
- Your explicit authorization

12.5 Your Acknowledgment

By using Vendoh, you acknowledge and accept that your personal data may be transferred to and processed in countries outside Nigeria. You understand that data protection laws in other countries may differ from Nigerian law.

13. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your Vendoh experience:

13.1 Types of Cookies We Use

Essential/Functional Cookies:

Session cookies that maintain your login status
Cookies that remember your preferences and settings
Cookies required for security and platform functionality
These cookies are necessary; you cannot disable them without affecting functionality

Performance/Analytics Cookies:

Cookies that measure how you interact with Vendoh
Data on pages visited, features used, and time spent
Help us identify trends and improve our platform
Anonymized and aggregated

Advertising/Marketing Cookies:

Cookies used to track your interests for personalized service recommendations
Cookies shared with advertising partners (if you opt-in)
Allow us to measure marketing campaign effectiveness

You can control cookies through your browser settings
Most browsers allow you to refuse cookies or alert you when cookies are sent
Disabling cookies may affect your ability to use Vendoh
Local storage and app-specific data cannot be controlled through browser settings

13.3 Advertising and Third-Party Tracking

We may share limited data with advertising and analytics partners
This data is used to:
- Measure effectiveness of marketing campaigns
- Display relevant service recommendations
- Understand user demographics and interests
You can opt-out of personalized advertising in your account settings

13.4 Do Not Track (DNT) Signals

Some browsers include DNT features
Our platform does not currently respond to DNT signals
We continue to collect data for platform functionality, fraud prevention, and service improvement

14. Marketing and Communications

We may send you marketing communications about new services, features, promotions, and special offers:

14.1 Types of Communications

Email Marketing: Promotional emails about new vendors, services, or features
SMS Marketing: Text messages with offers and updates (Nigerian phone numbers)
Push Notifications: In-app notifications about promotions and updates
Transactional Communications: Booking confirmations, payment receipts, support responses

Marketing Consent: You will be asked to opt-in to marketing communications during account creation
Opt-Out Options:
- Click "Unsubscribe" in any marketing email
- Reply "STOP" to SMS messages
- Disable push notifications in app settings
- Update communication preferences in your account
Opt-Out Timeframe: We will honor opt-outs within 7 days

14.3 Transactional Communications

Transactional messages (confirmations, receipts, support responses) are not marketing
You cannot opt-out of transactional communications if you want to use Vendoh
These messages are essential for account and service management

14.4 Marketing Personalization

We use your browsing history, service preferences, and location to personalize marketing
You can disable personalized marketing in your settings without unsubscribing
You can object to profiling at any time

15. Third-Party Links and Services

Vendoh may contain links to third-party websites, applications, and services:

We are not responsible for the privacy practices of linked websites
Third-party privacy policies: Each third party has its own privacy policy; we encourage you to review them
Third-party services include: Payment processors, verification services, cloud providers
Your use of third-party services is governed by their terms and privacy policies, not this Privacy Policy
We are not liable for any harm or data misuse by third parties

16. Changes to This Privacy Policy

We may update this Privacy Policy to:

Reflect changes in our data practices
Comply with new laws or regulations
Improve clarity or add new information
Respond to user feedback

16.1 Notification of Changes

Notice Method: We will notify you of material changes through:
- Email notification to your registered email address
- In-app notification or pop-up
- Updated "Last Updated" date on this policy
Notice Timeframe: We will provide at least 30 days' notice before material changes take effect
Your Acceptance: Continued use of Vendoh after changes means you accept the updated policy

16.2 Review History

This is Version 1.0, Last Updated March 2026
We will maintain a change log for significant updates

17. Contact Information

For questions, concerns, or requests regarding this Privacy Policy and your personal data:

17.1 Data Protection Officer

Name: [DPO Name]
Email: dpo@vendoh.com
Phone: [Phone Number]
Address: Vendoh Limited, Lagos, Nigeria
Response Time: 30 days for data subject rights requests; 7-10 business days for inquiries

17.2 Privacy Inquiries

Email: privacy@vendoh.com
In-App Support: Use the "Help" or "Contact Us" feature in the Vendoh app
Mailing Address: Vendoh Limited, Lagos, Nigeria

17.3 Regulatory Authority (NITDA)

If you wish to lodge a complaint about our data practices:

Entity: National Information Technology Development Agency (NITDA)
Address: Plot 17A, Akinjide Oshuntuyi Avenue, Durumi District, Abuja, Nigeria
Email: [NITDA Email]
Phone: [NITDA Phone]
Website: www.nitda.gov.ng

18. Legal Basis and Regulatory Compliance

This Privacy Policy is designed to comply with:

18.1 Nigerian Data Protection Laws

Nigeria Data Protection Regulation 2019 (NDPR): Establishes principles for lawful, fair, and transparent data processing; defines data subject rights; outlines obligations for data controllers and processors
Nigeria Data Protection Act 2023 (NDPA): Provides updated framework and enforcement mechanisms
Supervisory Authority: National Information Technology Development Agency (NITDA)

18.2 Other Applicable Laws

Electronic Communications and Cyber Security (EC3N) Act: Governs electronic communications and cybersecurity
Computer Misuse and Cyber Crimes Act: Addresses data security and unauthorized access
Tax Laws: Regarding retention of financial records (7 years)
Consumer Protection Laws: Where applicable to consumer transactions

19. Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIA) for processing activities that may pose high risk:

High-Risk Processing: Vendor verification using biometric data, location tracking, voice data processing
Assessment Scope: Purpose, necessity, proportionality, risks, and safeguards
Review Frequency: Annually and whenever processing activities change significantly
Documentation: Records maintained and available for regulatory review

By using Vendoh, you:

Acknowledge that you have read and understood this Privacy Policy
Consent to our collection, use, and disclosure of your personal data as described
Accept the processing of your data for the purposes outlined
Understand that some features require certain data (e.g., location for vendor matching)
Agree to the terms, conditions, and data practices described
Confirm that you are at least 18 years old and have the legal capacity to agree

If you do not agree with these terms, you must not use Vendoh.

21. Interpretation and Severability

Headings: Section headings are for convenience only and do not affect interpretation
Definitions: Capitalized terms not defined here have the meanings assigned in our Terms of Service
Severability: If any provision is found invalid, the remaining provisions continue in effect
No Waiver: Failure to enforce a right does not constitute waiver of that right
Entire Agreement: This Privacy Policy, together with our Terms of Service, constitutes the entire agreement regarding data processing

22. Final Statement

Your privacy is important to us. We are committed to transparent, fair, and lawful data processing practices that respect your rights and comply with Nigerian data protection laws. We will continuously review and improve our practices to maintain your trust.

If you have any questions or concerns about how we handle your personal data, please do not hesitate to contact our Data Protection Officer.

End of Privacy Policy

Document Version: 1.0 Last Updated: March 2026 Next Review Date: March 2027 Approved By: [Legal/Compliance Lead Name] Status: Draft — Awaiting Legal Review and Board Approval