Governance & Compliance Hub

One place to find FidemIt policies, board approvals, and security evidence. Formal policies are version-controlled in markdown inside the repository and published on the routes below for questionnaires and partners.

Public policy pages

Use these URLs when a bank or partner asks for a link. Production base: https://app.fidemit.com

DocumentRouteAudience
AML, CTF & Internal Control Policy
Formal AML, anti-terrorist financing, and internal control policy.
/compliance-policyRegulatory / bank
Information Security Policy
Confidentiality, privacy, hosting, authentication, OWASP, and data security.
/information-security-policyRegulatory / vendor security
AML Policy (user summary)
User-facing summary of AML obligations and KYC requirements.
/aml-policyPublic users
Privacy Policy
How personal data is collected, used, and protected.
/privacyPublic users
Terms of Service
Platform terms and user obligations.
/termsPublic users
Refund Policy
Escrow fee and transaction refund rules.
/refund-policyPublic users
Disclaimer
Legal disclaimers.
/disclaimerPublic users
Security Overview
Marketing overview of security features.
/securityPublic users

Board approvals

Sole Director written resolutions approving compliance and information security policies. View and print for signed submission:

Signed copies and source markdown: FidemIt.App/docs/compliance/BOARD_RESOLUTION_*.md

Internal documentation (repository)

These files are not served as web pages. They are the editable source of truth — update them in git, then sync the matching frontend page when needed. Export to PDF from your editor or print the public policy pages.

Compliance pack (markdown)

FidemIt.App/docs/compliance/

  • README.md — master index and changelog
  • AML_CTF_INTERNAL_CONTROL_POLICY.md
  • INFORMATION_SECURITY_POLICY.md
  • BOARD_RESOLUTION_COMPLIANCE_POLICIES.md
  • BOARD_RESOLUTION_INFORMATION_SECURITY.md

Security governance pack

Fidemit.Api/docs/security/

  • Information Security, Acceptable Use, Access Control policies
  • Risk Management, Incident Response, Backup policies
  • Endpoint and web filtering standards
  • OWASP VAPT reports and runbooks

Operational references

Repository

  • FidemIt.App/KYC.md — KYC tiers and limits
  • FidemIt.App/2FA_IMPLEMENTATION.md — authentication controls
  • FidemIt.Deployment/server/ — server security monitoring

Questionnaire quick pack

When completing a bank or vendor security questionnaire, attach or link:

  1. AML / CTF / Internal Control Policy
  2. Information Security Policy
  3. Privacy Policy
  4. Signed board resolutions
  5. VAPT report: Fidemit.Api/docs/security/OWASP_VAPT_RETEST_REPORT_LOCAL_2026-05-30.md
  6. Paystack PCI attestation (if asked about card data — FidemIt does not store cardholder data)

Master index and changelog: FidemIt.App/docs/compliance/README.md