Governance & Compliance Hub
One place to find FidemIt policies, board approvals, and security evidence. Formal policies are version-controlled in markdown inside the repository and published on the routes below for questionnaires and partners.
Public policy pages
Use these URLs when a bank or partner asks for a link. Production base: https://app.fidemit.com
| Document | Route | Audience |
|---|---|---|
| AML, CTF & Internal Control Policy Formal AML, anti-terrorist financing, and internal control policy. | /compliance-policy | Regulatory / bank |
| Information Security Policy Confidentiality, privacy, hosting, authentication, OWASP, and data security. | /information-security-policy | Regulatory / vendor security |
| AML Policy (user summary) User-facing summary of AML obligations and KYC requirements. | /aml-policy | Public users |
| Privacy Policy How personal data is collected, used, and protected. | /privacy | Public users |
| Terms of Service Platform terms and user obligations. | /terms | Public users |
| Refund Policy Escrow fee and transaction refund rules. | /refund-policy | Public users |
| Disclaimer Legal disclaimers. | /disclaimer | Public users |
| Security Overview Marketing overview of security features. | /security | Public users |
Board approvals
Sole Director written resolutions approving compliance and information security policies. View and print for signed submission:
Signed copies and source markdown: FidemIt.App/docs/compliance/BOARD_RESOLUTION_*.md
Internal documentation (repository)
These files are not served as web pages. They are the editable source of truth — update them in git, then sync the matching frontend page when needed. Export to PDF from your editor or print the public policy pages.
Compliance pack (markdown)
FidemIt.App/docs/compliance/
- README.md — master index and changelog
- AML_CTF_INTERNAL_CONTROL_POLICY.md
- INFORMATION_SECURITY_POLICY.md
- BOARD_RESOLUTION_COMPLIANCE_POLICIES.md
- BOARD_RESOLUTION_INFORMATION_SECURITY.md
Security governance pack
Fidemit.Api/docs/security/
- Information Security, Acceptable Use, Access Control policies
- Risk Management, Incident Response, Backup policies
- Endpoint and web filtering standards
- OWASP VAPT reports and runbooks
Operational references
Repository
- FidemIt.App/KYC.md — KYC tiers and limits
- FidemIt.App/2FA_IMPLEMENTATION.md — authentication controls
- FidemIt.Deployment/server/ — server security monitoring
Questionnaire quick pack
When completing a bank or vendor security questionnaire, attach or link:
- AML / CTF / Internal Control Policy
- Information Security Policy
- Privacy Policy
- Signed board resolutions
- VAPT report:
Fidemit.Api/docs/security/OWASP_VAPT_RETEST_REPORT_LOCAL_2026-05-30.md - Paystack PCI attestation (if asked about card data — FidemIt does not store cardholder data)
Master index and changelog: FidemIt.App/docs/compliance/README.md