Privacy Policy

At Zlude, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our money transfer services worldwide.

By using Zlude's services, you agree to the collection and use of information in accordance with this policy. We encourage you to read this policy carefully to understand our practices regarding your personal data.

We collect several types of information to provide and improve our services:

Personal Information

• Full name, aliases, and previous names
• Contact details (email, phone number, physical address, postal address)
• Government-issued identification documents (passport, national ID, driver's license)
• Date of birth, place of birth, and nationality
• Employment information, occupation, and income details
• Next of kin and emergency contact information
• Biometric data (where legally permitted and necessary for verification)

Financial Information

• Bank account details, mobile money accounts, and payment method information
• Transaction history, amounts, frequencies, and patterns
• Source of funds and purpose of transactions
• Credit history and risk assessment data
• Currency exchange preferences and history
• Beneficiary information for money transfers

Technical Information

• Device information (device ID, model, operating system)
• IP addresses and network information
• Browser type, version, and settings
• Usage patterns, session data, and interaction logs
• Location data (with your consent) including GPS coordinates
• Cookies, web beacons, and similar tracking technologies
• App usage analytics and performance data

Compliance and Verification Data

• Know Your Customer (KYC) documentation and verification results
• Anti-Money Laundering (AML) screening results
• Sanctions list screening and politically exposed person (PEP) checks
• Risk scoring and fraud prevention data
• Regulatory reporting information

Communication Data

• Customer service interactions and support tickets
• Marketing preferences and communication history
• Survey responses and feedback
• Social media interactions (where applicable)

We use your information for the following purposes, based on legal grounds including contract performance, legal compliance, legitimate interests, and consent:

Service Provision and Account Management

• Processing money transfers and currency exchanges
• Maintaining and managing your account
• Verifying your identity and eligibility for services
• Calculating fees, exchange rates, and transaction limits
• Providing customer support and resolving issues

Legal and Regulatory Compliance

• Meeting Know Your Customer (KYC) and Customer Due Diligence requirements
• Conducting Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) screening
• Reporting to regulatory authorities as required by law
• Complying with sanctions screening and politically exposed person (PEP) checks
• Maintaining records for audit and regulatory examination
• Responding to legal requests and court orders

Security and Fraud Prevention

• Detecting and preventing fraudulent transactions
• Monitoring for suspicious activity and unusual patterns
• Securing your account and personal information
• Conducting risk assessments and scoring
• Implementing security measures and access controls

Communication and Customer Service

• Sending transaction confirmations and receipts
• Providing service updates and important notices
• Responding to inquiries and support requests
• Sending marketing communications (with your consent)
• Conducting customer satisfaction surveys

Service Improvement and Analytics

• Analyzing usage patterns to improve our services
• Developing new features and functionality
• Conducting market research and trend analysis
• Optimizing user experience and interface design
• Measuring service performance and reliability

Business Operations

• Managing business relationships with partners and vendors
• Conducting internal audits and quality assurance
• Planning and forecasting business activities
• Protecting our legal rights and interests
• Facilitating business transactions and corporate activities

We may share your information in the following circumstances:

• Service Providers: With trusted third parties who assist in service delivery
• Regulatory Bodies: To comply with legal and regulatory requirements
• Financial Partners: With banks and payment processors to complete transactions
• Legal Requirements: When required by law or to protect our rights

We do not sell your personal information to third parties for marketing purposes.

We implement comprehensive security measures to protect your information throughout its lifecycle:

Technical Security Measures

• Encryption: End-to-end encryption for sensitive data transmission and storage
• Access Controls: Multi-factor authentication and role-based access systems
• Network Security: Firewalls, intrusion detection, and secure network protocols
• Data Masking: Anonymization and pseudonymization of sensitive information
• Secure APIs: Protected application programming interfaces with authentication

Operational Security Measures

• Security Audits: Regular internal and external security assessments
• Monitoring: 24/7 security monitoring and incident response
• Vulnerability Management: Regular security updates and patch management
• Backup and Recovery: Secure data backup and disaster recovery procedures
• Physical Security: Secure data centers with restricted access

Organizational Security Measures

• Employee Training: Regular data protection and security awareness training
• Background Checks: Security screening for employees with data access
• Confidentiality Agreements: Binding agreements for all staff and contractors
• Incident Response: Established procedures for security breach management
• Third-Party Security: Due diligence and security requirements for vendors

Compliance and Certification

• ISO 27001 Information Security Management System certification
• PCI DSS compliance for payment card data handling
• SOC 2 Type II compliance for service organization controls
• Regular penetration testing and security assessments

Data Breach Response

In the event of a data breach, we will:

• Contain and assess the breach within 24 hours
• Notify relevant supervisory authorities within 72 hours where required
• Inform affected individuals without undue delay if high risk is involved
• Provide clear information about the breach and remedial actions
• Conduct thorough investigation and implement preventive measures

You have the following rights regarding your personal information, subject to applicable laws and regulatory requirements:

Access and Information Rights

• Right to Access: Request copies of your personal data we hold
• Right to Information: Understand how your data is processed and shared
• Right to Confirmation: Confirm whether we process your personal data

Correction and Update Rights

• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Update: Modify your account information and preferences

Deletion and Restriction Rights

• Right to Erasure: Request deletion of your data (subject to legal and regulatory retention requirements)
• Right to Restriction: Limit how we process your information in certain circumstances

Portability and Objection Rights

• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to certain uses of your information, including marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent

Exercising Your Rights

To exercise these rights, please contact us using the information provided in the contact section. We will:

• Respond to your request within the timeframes required by applicable law
• Verify your identity before processing requests
• Explain any limitations due to legal or regulatory requirements
• Provide information about your right to lodge complaints with supervisory authorities

Limitations and Exceptions

Some rights may be limited by legal and regulatory requirements, including:

• Financial services regulations requiring data retention
• Anti-money laundering and counter-terrorism financing laws
• Tax reporting and audit requirements
• Legal proceedings and dispute resolution needs

As a global money transfer service, we may transfer your data across borders to:

• Complete international money transfers and currency exchanges
• Comply with regulatory requirements in different countries
• Provide customer support across our network
• Conduct fraud prevention and risk assessment
• Maintain centralized compliance and audit systems

Data Transfer Safeguards

We ensure appropriate safeguards are in place for international data transfers, including:

• Adequacy Decisions: Transfers to countries with adequate data protection levels
• Standard Contractual Clauses: Binding agreements with data processors and partners
• Binding Corporate Rules: Internal policies ensuring consistent data protection
• Certification Schemes: Compliance with recognized international standards
• Encryption: End-to-end encryption for all cross-border data transmissions

Regional Data Localization

Where required by local laws, we maintain data processing facilities within specific jurisdictions:

• Customer data may be stored locally to comply with data residency requirements
• Transaction records are maintained according to local financial regulations
• Backup and disaster recovery systems respect jurisdictional requirements

We retain your personal information only as long as necessary for the purposes outlined in this policy and as required by applicable laws.

Retention Periods

• Account Information: Retained while your account is active and for 7 years after closure
• Transaction Records: Retained for 7-10 years as required by financial regulations
• KYC Documentation: Retained for 5-7 years after account closure or last transaction
• Communication Records: Retained for 3-5 years for customer service purposes
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity
• Technical Logs: Retained for 12-24 months for security and performance analysis

Factors Determining Retention

• Legal and regulatory requirements in jurisdictions where we operate
• Legitimate business needs and operational requirements
• Statute of limitations for potential legal claims
• Data subject requests and consent withdrawal
• Risk management and fraud prevention needs

Secure Disposal

When data is no longer needed, we securely dispose of it through:

• Secure deletion from electronic systems
• Physical destruction of paper records
• Cryptographic erasure of encrypted data
• Verification of complete data removal

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and improve our services.

Types of Cookies We Use

• Essential Cookies: Required for basic website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

Other Tracking Technologies

• Web Beacons: Small images that help us analyze email and website usage
• Local Storage: Browser storage for improved performance and functionality
• Session Storage: Temporary storage for session-specific information
• Mobile Analytics: App usage analytics and crash reporting

Managing Your Preferences

You can control cookies and tracking through:

• Browser settings to block or delete cookies
• Our cookie preference center (where available)
• Opt-out links in marketing communications
• Mobile device settings for app tracking
• Third-party opt-out tools for advertising cookies

Third-Party Cookies

We may allow trusted third parties to place cookies for:

• Analytics and performance measurement
• Customer support and chat functionality
• Fraud prevention and security
• Marketing and advertising (with your consent)

Our privacy practices comply with applicable data protection and financial regulations worldwide, including:

African Data Protection Laws

• Nigeria: Nigeria Data Protection Regulation (NDPR) and Nigerian Data Protection Act
• South Africa: Protection of Personal Information Act (POPIA)
• Kenya: Data Protection Act, 2019
• Ghana: Data Protection Act, 2012
• Rwanda: Law on the Protection of Personal Data and Privacy

Financial Services Regulations

• Central Bank regulations in each operating jurisdiction
• Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) requirements
• Know Your Customer (KYC) compliance standards
• Cross-border payment service licensing requirements
• Foreign exchange control regulations

Regional and International Standards

• African Union Convention on Cyber Security and Personal Data Protection
• Financial Action Task Force (FATF) recommendations
• International standards for cross-border financial services
• ISO 27001 information security management standards

Regulatory Reporting

We maintain compliance through regular reporting to relevant authorities and may share your information with regulatory bodies as required by law, including:

• Transaction reporting for suspicious activity monitoring
• Customer due diligence information for compliance verification
• Statistical reporting for financial system oversight
• Cross-border transaction reporting as required by exchange control regulations

We may update this Privacy Policy periodically. We will notify you of significant changes through our website or direct communication. Your continued use of our services after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights, please contact us: