STD-GOV-130: Intellectual Property Management¶
| Field | Value |
|---|---|
| Standard | STD-GOV-130 |
| Title | Intellectual Property Management |
| Status | Draft |
| Owner | CDO |
| Created | 2026-04-03 |
| Review | Annually |
Purpose¶
Define how Simpaisa identifies, protects and manages its intellectual property across technology, data and processes. As a payment gateway operating across six markets, Simpaisa's proprietary algorithms, integration frameworks and fraud models represent significant competitive advantage. This standard ensures IP is classified, protected and not inadvertently disclosed.
Scope¶
All intellectual property created by Simpaisa employees, contractors and partners in the course of their work. Covers source code, algorithms, data models, training data, documentation, processes and trade secrets.
IP Classification¶
Proprietary (Restricted)¶
Core IP that provides competitive advantage. Access restricted to authorised personnel only.
| Asset | Description | Access Level |
|---|---|---|
| Payment routing algorithms | Multi-PSP routing logic, cost optimisation, failover | Engineering leads only |
| Fraud scoring models | ML models, rule sets, training features | Data team + CDO |
| Channel adapter framework | PSP/bank integration abstraction layer and implementations | Engineering team |
| Transaction lifecycle engine | State machine, reconciliation logic, settlement rules | Engineering team |
| Compliance engine | Multi-market regulatory rule evaluation | Engineering + compliance |
| Merchant risk scoring | Onboarding risk assessment algorithms | Data team + CDO |
Confidential (Internal)¶
Valuable but not core competitive IP. Access limited to Simpaisa employees.
| Asset | Description |
|---|---|
| Architecture documentation | System design, C4 diagrams, data flows |
| API specifications | Internal API contracts and schemas |
| Operational runbooks | Incident response, deployment procedures |
| Performance benchmarks | Throughput, latency, capacity data |
| Vendor integration details | PSP-specific configuration, credentials architecture |
Internal (General)¶
General internal information. Available to all Simpaisa staff.
| Asset | Description |
|---|---|
| Engineering standards | Published standards (this repository) |
| ADRs | Architecture decision records |
| Technology radar | Technology lifecycle tracking |
| Meeting notes | ARB minutes, team retrospectives |
Code Ownership¶
- All code in Simpaisa repositories is owned by Simpaisa Holdings.
- This includes code written by employees, contractors and partners during engagement.
- No individual retains IP rights to code written for Simpaisa.
- Code ownership is established via employment contracts and contractor agreements.
Contractor IP¶
Mandatory Contract Clauses¶
All contractor and consulting agreements must include:
- IP assignment — All work product created during the engagement is assigned to Simpaisa.
- Pre-existing IP — Contractor must declare any pre-existing IP brought into the engagement.
- Non-disclosure — Contractor may not disclose Simpaisa's proprietary information for 3 years post-engagement.
- Non-compete (code) — Contractor may not build competing payment gateway using Simpaisa's IP for 2 years.
- Return of materials — All code, documentation and access returned upon engagement end.
Verification¶
- Platform Lead verifies IP assignment clause before contractor gains repository access.
- Contractor access revoked within 24 hours of engagement end (see offboarding checklist).
- Code review of contractor contributions for IP contamination (pre-existing code not licensed to Simpaisa).
Patent Consideration¶
- Annual review: CDO and engineering leads review innovations for patent potential at Q4 ARB meeting.
- Criteria: Novel, non-obvious, commercially valuable, defensible.
- Candidates (current): payment routing optimisation, multi-market compliance automation, real-time fraud scoring pipeline.
- Process: Identify → Document → Legal review → File if warranted.
- Defensive patents: Priority is defensive (prevent patent trolls) over offensive (suing competitors).
Trade Secrets¶
The following are classified as trade secrets and protected accordingly:
- Payment routing decision logic — How Simpaisa selects optimal PSP per transaction.
- Fraud model features — Specific data points and weightings used in fraud detection.
- Channel adapter abstraction — Internal framework for rapid PSP integration.
- Settlement optimisation — Algorithms for optimising settlement timing and batching.
Protection Measures¶
- Trade secrets documented in restricted-access repositories (separate from general engineering repos).
- Access logged and auditable.
- Discussion of trade secrets prohibited in public channels, conferences or publications without CDO approval.
- NDAs required for any external party exposed to trade secrets.
Open Source Boundary¶
Clear separation between open source contributions and proprietary IP:
- See
STD-GOV-129-OPEN-SOURCE-POLICY.mdfor contribution rules. - No proprietary algorithms, business logic or Simpaisa-specific code in open source contributions.
- IP review required before any external code publication.
Incident Response (IP Breach)¶
If proprietary IP is suspected to be leaked or misappropriated:
- Contain — Revoke access of suspected source immediately.
- Assess — Determine scope: what IP, how much, to whom.
- Legal — Engage legal counsel within 24 hours.
- Remediate — Rotate credentials, keys, or secrets if exposed.
- Document — Full incident report for CDO and legal.
Actions¶
| # | Action | Owner | Deadline |
|---|---|---|---|
| 1 | Audit all contractor agreements for IP assignment | CDO | 2026-Q2 |
| 2 | Create restricted repository for trade secret docs | Platform Lead | 2026-Q2 |
| 3 | Conduct first annual patent review | CDO | 2026-Q4 |
| 4 | Establish IP clause template for new contracts | CDO | 2026-Q2 |
References¶
STD-GOV-129-OPEN-SOURCE-POLICY.mdSTD-GOV-131-DATA-CLASSIFICATION-ENFORCEMENT.mdSECRET-MANAGEMENT-STANDARD.md