ZENDA AFRICA PRIVACY POLICY

Effective Date: January 2026

1. DATA CONTROLLER & SCOPE

This Privacy Policy describes how Zenda Africa Technology Ltd (“Zenda,” “we,” “us,” or “our”) collects, uses, and protects your personal data. This policy applies to all users of the Zenda app, website, and payment services. We act as a Data Controller under the Nigeria Data Protection Act (NDPA) and other applicable regional laws.

2. DATA WE COLLECT

To provide financial services, we collect several categories of information:

• Identity Data: Full name, date of birth, gender, and nationality.

• Government Identifiers: Bank Verification Number (BVN), National Identification Number (NIN), and copies of government-issued IDs (Passport, Driver’s License). Note: We do not store your BVN password or PIN; we use these only for identity validation via secure regulatory gateways.

• Contact Data: Email address, phone number, and residential address.

• Financial Data: Virtual account numbers, wallet balances, and linked debit card details (processed via PCI-DSS compliant partners).

• Transaction Data: Details of transfers (sender/receiver info), bill payments, USD virtual card usage, and P2P history.

• Technical Data: IP address, device type, unique device ID, and geo-location (required for fraud prevention).

3. HOW WE USE YOUR DATA

We process your data based on Contractual Necessity, Legal Obligation, and Legitimate Interest:

• KYC & Onboarding: To verify your identity and comply with Anti-Money Laundering (AML) laws.

• Service Delivery: To process your transfers, generate USD virtual cards, and fund your wallet.

• Fraud Prevention: To monitor for suspicious activity and secure your funds.

• Communication: To send transaction alerts, security updates, and customer support responses.

• Legal Compliance: To share necessary reports with regulatory bodies like the Central Bank or Financial Intelligence Units.

4. DATA SHARING & THIRD PARTIES

We do not sell your data. We only share it with:

• Regulatory Authorities: When required by law (e.g., CBN, NDPC, or law enforcement).

• Banking Partners: To facilitate virtual account generation and international remittances.

• Card Issuers: To generate and manage your USD virtual cards (e.g., Visa/Mastercard partners).

• Verification Services: To validate your BVN, NIN, or address.

5. INTERNATIONAL DATA TRANSFERS

As Zenda Africa facilitates international transfers, your data may be processed in countries outside your residence. We ensure that these transfers occur only to jurisdictions with adequate data protection laws or under Standard Contractual Clauses (SCCs) that guarantee your privacy rights.

6. DATA SECURITY

We implement enterprise-grade security, including:

• AES-256 Encryption for data at rest.

• TLS/SSL Encryption for data in transit.

• Two-Factor Authentication (2FA) for all sensitive account actions.

• Regular Audits: Periodic security assessments to identify and mitigate vulnerabilities.

7. YOUR DATA RIGHTS

Under the NDPA and GDPR, you have the right to:

• Access: Request a copy of the data we hold about you.

• Rectification: Correct inaccurate or incomplete information.

• Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention periods for financial records).

• Object/Restrict: Opt-out of marketing or limit how we process your data.

• Portability: Request that we transfer your data to another service provider.

8. DATA RETENTION

In accordance with financial regulations, we are required to retain your transaction records and identity data for a minimum of [6 to 10] years after your account is closed to comply with AML/CFT laws. After this period, data is securely deleted or anonymized.

9. CONTACT OUR DATA PROTECTION OFFICER (DPO)

If you have questions about your privacy or wish to exercise your rights, contact our DPO:

• Email: support@zendaafrica.com

• Address: 29 Ogundana Street, Allen Avenue Ikeja Lagos State Nigeria 100001