Legal

Privacy Policy

Last updated: 24 March 2026

Zeno is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under the Nigeria Data Protection Act 2023 (NDPA).

1. Who We Are

Zeno is operated by The 36th Company Ltd, registered in Nigeria (RC:9440452). We are the data controller for personal information collected through our WhatsApp and Telegram banking assistant and website at joinzeno.co.uk.

For data protection queries, contact us at: privacy@joinzeno.co.uk

2. What Data We Collect

We collect the following personal data when you use Zeno:

Identity data: Full name, date of birth (collected during KYC verification)
Contact data: WhatsApp or Telegram user ID, phone number, email address
Financial data: Bank account information accessed via Mono Open Banking, transaction history, account balances
Identity verification data: Government-issued ID documents and selfie images (processed by Stripe Identity)
Usage data: Conversation history, transaction requests, service interactions
Technical data: IP address, device information, timestamps

3. How We Use Your Data

Provide our AI banking assistant service
Process and facilitate payment instructions
Verify your identity and comply with AML/KYC regulations
Detect and prevent fraud and financial crime
Communicate with you about your account and transactions
Improve our services
Comply with legal and regulatory obligations under CBN guidelines

4. Legal Basis for Processing

Contract: Processing necessary to provide our services to you
Legal obligation: AML, KYC, and CBN regulatory compliance
Legitimate interests: Fraud prevention, service improvement, security
Consent: Where you have given explicit consent

5. Open Banking & Third Parties

We use Mono to access your bank account data via Open Banking. This is read-only access — we cannot move money without your explicit instruction and PIN confirmation.

We use Flutterwave to process payments and provide virtual wallet accounts (WEMA Bank).

We use Stripe Identity for identity verification. Your ID documents and biometric data are processed by Stripe under their own privacy policy.

We use Anthropic's Claude AI to process your messages and provide intelligent responses.

6. Data Retention

We retain your personal data for as long as you have an active account, plus a minimum of 6 years after account closure to comply with financial regulations. Identity verification records are retained for 5 years as required by CBN AML regulations.

7. Your Rights

Under the Nigeria Data Protection Act 2023, you have the right to:

Access your personal data
Correct inaccurate data
Request deletion (where legally permissible)
Object to processing
Data portability
Withdraw consent at any time

To exercise any of these rights, contact privacy@joinzeno.co.uk.

8. Security

We implement appropriate technical and organisational measures to protect your data, including 256-bit TLS encryption, PIN-protected transactions, and regular security audits.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via WhatsApp or Telegram message. Continued use of Zeno after changes constitutes acceptance of the updated policy.

10. Contact

The 36th Company Ltd
Email: privacy@joinzeno.co.uk
WhatsApp: +234 903 774 5486