Legal

Privacy Policy

Last updated: 20 March 2026

Zeno is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who We Are

Zeno is operated by Grad Haus Ltd, a company registered in England and Wales (Company No. 16584949). We are the data controller for personal information collected through our WhatsApp banking assistant and website at joinzeno.co.uk.

For data protection queries, contact us at: privacy@joinzeno.co.uk

2. What Data We Collect

We collect the following personal data when you use Zeno:

Identity data: Full name, date of birth (collected during KYC verification)
Contact data: WhatsApp phone number, email address
Financial data: Bank account information accessed via Open Banking, transaction history, account balances
Identity verification data: Government-issued ID documents and selfie images (processed by Veriff)
Usage data: Conversation history, transaction requests, service interactions
Technical data: IP address, device information, timestamps

3. How We Use Your Data

We use your personal data to:

Provide our AI banking assistant service
Process and facilitate payment instructions
Verify your identity and comply with AML/KYC regulations
Detect and prevent fraud and financial crime
Communicate with you about your account and transactions
Improve our services and AI models
Comply with legal and regulatory obligations

4. Legal Basis for Processing

Contract: Processing necessary to provide our services to you
Legal obligation: AML, KYC, and financial regulation compliance
Legitimate interests: Fraud prevention, service improvement, security
Consent: Where you have given explicit consent (e.g. marketing)

5. Open Banking & Third Parties

We use TrueLayer (authorised by the FCA) to access your bank account data via Open Banking. This is read-only access — we cannot move money without your explicit instruction and PIN confirmation.

We use Veriff for identity verification. Your ID documents and biometric data are processed by Veriff under their own privacy policy.

We use Anthropic's Claude AI to process your messages. Conversations may be used to improve AI safety and quality.

6. Data Retention

We retain your personal data for as long as you have an active account, plus a minimum of 6 years after account closure to comply with financial regulations. Identity verification records are retained for 5 years as required by the Money Laundering Regulations 2017.

7. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Correct inaccurate data
Request deletion (where legally permissible)
Object to processing
Data portability
Withdraw consent at any time

To exercise any of these rights, contact privacy@joinzeno.co.uk. You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your data, including 256-bit TLS encryption, PIN-protected transactions, and regular security audits.

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via WhatsApp message. Continued use of Zeno after changes constitutes acceptance.

10. Contact Us

For any privacy-related queries: privacy@joinzeno.co.uk
Or write to: [Your Company Name] Ltd, [Your Address], United Kingdom