Sovereign Compliance Gateway — Verifiable Payment-Data Residency
Pure-software middleware that gives Nigerian financial institutions provable, continuously-verifiable compliance with the CBN payment-data-residency mandate — where the operator itself is in the threat model.
Banks already have to localise the data; what they cannot easily do is prove it, continuously, in a form CBN accepts under sanction. That gap is the product. The gateway observes where payment data lives out-of-band — never in the payment path — classifies and cryptographically attests each residency decision, chains those attestations into a tamper-evident RFC 6962 transparency log, and renders the CBN return, such that a regulator can verify any transaction's compliance without trusting the bank or the vendor.
The trust plane is built so the operator cannot cheat: witnessed N-of-M quorum and threshold co-signing make non-equivocation and history tampering detectable, and a standalone verifier checks every proof against a pinned public key. One vendor-neutral codebase — no bank, cloud, or data format named in the fixed core — serves one institution or fifty through a multi-tenant central plane, with every environment-specific concern behind a pluggable seam.
A security-audited, sanitizer-clean reference implementation of verify-don't-trust residency compliance. Delivered as source, sold outright.