← Back to Home

Privacy Policy

Your trust is the foundation of everything we do. Learn how we protect and respect your personal information.

Last Updated: 20 February 2026

Data Security

Your information is encrypted and protected with bank-level security measures.

Transparency

We're clear about what data we collect and exactly how we use it.

Your Rights

You have full control over your data with rights to access, correct, or delete.

Introduction

Zinary, a limited liability company incorporated under the laws of the Federal Republic of Nigeria with its registered address in 4A Nike Lake Street, Maitama, Abuja, registered under the laws of the Federal Republic of Nigeria with registration number 7298260, processes data in accordance with the provisions of the Nigerian Data ProtecMon Act, 2023 and the Nigeria Data Protection Regulation, 2019. Zinary and its affiliates (collectively, “Zinary”, “We”, “Us”, or “Our”) value the security and privacy of your Personal Data.

Zinary is commiWed to protecMng the privacy and security of Personal Data processed through ZinID. This Privacy Policy explains in detail how and why We collect, process, use, disclose, and protect personal data, who has access to your Personal Data, with whom we share it, how you may correct it within the ZinID and your rights and choices regarding our processing of your Personal Data in compliance with applicable data protecMon laws.

Your Consent: Please read this Privacy Policy very carefully. If you do not wish to be bound by the provisions of this Privacy Policy, you should desist from iniMaMng, downloading, installing, accessing or using Our ZinID or sign up for our Services. By creaMng an account (“User Account”) and by using ZinID and the Services, you hereby confirm that you have read, understood, and agree to be bound by the Privacy Policy. This constitutes consent, if you do not create a User Account, We will not be able to provide you access to all parts of the App.

  • "AML/CFT": means Anti-Money Laundering / CombaMng the Financing of Terrorism legal rules and standards as envisaged in the AML/CFT regulaMons;
  • "AML/CFT RegulaIons": include Money Laundering (Prevention and ProhibiMon) Act, 2022, Terrorism (Prevention and ProhibiMon) Act, 2022, Central Bank of Nigeria (CBN) AML/CFT RegulaMons, Economic and Financial Crimes Commission (EFCC) Act, 2004, Special Control Unit Against Money Laundering (SCUML) Guidelines and other relevant national legislations.
  • "Applicable Laws": means the NDPA, NDPR and other relevant laws, and regulaMons governing the control and processing of the User’s personal data;
  • “Artificial Intelligence” or “AI” or “machine learning”: Farm location, farm size, crop types, farming experience, cooperative membership status
  • “Client”: means the legal enMty to and through which Zinary provides the Services under the relevant agreement including the pladorms;
  • “Consent”: means any freely given, specific, informed and unambiguous indicaMon of the Data Subject’s wishes by which they, by a statement or by clear affirmaMve acMon, signify agreement to the processing of their personal data;
  • “Data Controller”: means the enMty that determines the purposes and means of processing Personal Data, in this case, Client or Zinary when it has its own purposes - for the purpose of this Privacy Policy;
  • “Data Processor”: means the enMty that processes Personal Data on behalf of the Data Controller;
  • “KYC”: means Know your Customer;
  • “NDPA”: means Nigeria Data ProtecMon Act, 2023;
  • “NDPR”: means Nigeria Data ProtecMon RegulaMon, 2019
  • “Personal Data”: includes any information collected by ZinID about any User who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, geneMc, psychological, cultural, social, or economic idenMty of that individual;
  • “Platform(s)”: means [any online service, applicaMon, or digital environment where Users create Accounts, interact, or perform transacMons, such as websites, mobile apps, social media sites, or e-commerce systems, and similar digital interfaces, that are directly subscribed to ZinID];
  • “Processing”: means any operaMon performed on Personal Data, whether or not by automated means; and
  • “Services”: means the ZinID services and connected services provided by Zinary to Clients and to Users.
  • “User”: means any individual in respect of whom the ZinID services (or any of its elements) is performed as part of the Services provided to a Client (may be referred to as ‘you’ in this Privacy Policy);

This Privacy Policy covers all Personal Data processed through ZinID on any Platform, whether provided directly by Users or through our Clients. This Privacy Policy does not cover how Clients treat users' personal data beyond ZinID. Clients shall provide this information in their privacy statements, which are not subject to Zinary’s control. Where consent is required under this Privacy Policy Clients shall obtain consent from the User.

Applicability

This Privacy Policy applies to information:

  • We collect from Clients using our AI verificaMon pladorm;
  • From Users whose Personal Data is processed through the Platform for verification purposes;
  • Provided via text, email, or any other communicaMon service between you and Us;

Zinary adheres to the principles of Personal data protection as envisaged in the Applicable Laws. Under these principles, Zinary ensures and assists Data Controllers in ensuring that Users’ Personal data is:

  • 1
    Processed fairly and lawfully and in a transparent manner in relation to the Data Subject;
  • 2
    Processed for specified, explicit, and legitimate purposes only and not further processed in a manner that is incompaMble with those purposes;
  • 3
    Adequate, relevant, and limited to what is necessary in relaMon to the purposes for which they are processed;
  • 4
    Kept accurate and up to date;
  • 5
    Retained in a form permittng identification of Data Subjects for no longer than is necessary for the purposes for which they are processed;
  • 6
    Processed in a manner that ensures their appropriate security;
  • 7
    Not transferred outside the Nigeria without adequate protecMon.

We only process Personal Data where We have a lawful basis for doing so, such as the following:

User Consent

This is where you have given Us explicit consent to process Personal Data for a given purpose. For example, if you create a User Account on ZinID or where the Client has obtained consent from you.

Contractual Necessity

This is where We have to process Personal Data to meet Our contractual obligaMons to you.

Legal Obligation

This is where We have to process Personal Data in order to comply with the law.

Protection of vital interests

This is where We are constrained to process your Personal Data in order to protect your interests or those of another person, such as to prevent idenMty then.

Public Interest

This is where there is an overriding public interest or We have been vested with an official public mandate to take certain acMon in the interest of the public.

A legitimate business interest:

This means Our interest in conducMng and managing Our Services to enable Us to give you the best service or product and the best and most secure experience. We make sure we consider and balance any potenMal impact on you and your rights before We process your Personal Data for Our legiMmate interests. We do not use your Personal Data for acMviMes where Our interests are overridden by the impact on you unless we have your consent or are otherwise required or permiWed to by law.

Other Legal Purposes:

  • Where it’s not prohibited by applicable laws and provided we have permission from our Clients, we may process some personal data, including biometrics, to develop and improve identity verificaMon services to prevent and detect fraud and other illicit activity as part of substantial public interest via machine learning;

  • Given the nature of our Services, we are to detect and prevent criminal acMvity, fraud, and money laundering by checking the provided User data against records of confirmed or suspected illegal acMvity, fraud or money laundering. If any sign of this appears, we will inform our Clients of this.

  • In connecMon with the purpose above, we may also conduct profiling, staMsMcal analysis, and analyMcs in AML/CFT tendency, fraud detecMon, and prevention. Our system may aggregate Users’ data to generate reports and charts our Clients may use when assuming the risk likelihood associated with specific characterisMcs;

  • We can process Personal data, including biometric data, to idenMfy a User or a Client’s representaMve for idenMficaMon purposes to process data subject access request or the Client’s request accordingly;

  • We sometimes may be obliged to process or retain all or part of Personal data for the establishment, exercise, or defence of legal claims;

If we disclose your Personal Data, to the extent reasonably pracMcable and permissible, we will require its recipients to comply with adequate privacy and confidenMality requirements and security standards.

Zinary applies the principle of “data minimizaMon” to the collected Personal Data, so that the Personal Data collected by Us is anonymized by default.

Client Data

  • Company name, registration number, and business type.
  • Physical address, email addresses, and phone numbers.
  • Billing information, biling address, bank details, and payment records.
  • Account credentials and access logs.
  • Contract details and service preferences.

User Data

  • Personal idenntifiers (full name, date of birth, physical address, sex, date of birth, legal capacity, nationality and citizenship, locaMon (street, city, country, and postcode).
  • Government-issued means of idenMficaMon (national identity number, driver’s license, international passport).
  • Facial Image Data (Photos of the face (including selfie images) and photos or scans of the face on the idenMficaMon document, videos, and sound recordings.)
  • Contact information (e-mail address, phone number).
  • Biometric data (if applicable, such as facial recognition or fingerprints).
  • Banking details (Cardholder name, expiry date, first 6 and last 4 digits of the card number.)
  • Financial information (e.g., credit scores, transaction history).
  • Technical data (Information regarding the date, Mme, and activity in the Services; IP address and domain name; software and hardware attributes (e.g., camera name and type); general geographic locaMon (e.g., city, country) from User’s device.)
  • Unique Identifier (User ID created only for identifying the User in the ZinID system.)
  • [Employment history and educational background]; and Financial information (e.g., credit scores, transaction history).
  • Any other data required for specific verification processes

We collect information through:

  • Direct input by Clients and their employees when setting up and using the Platform.
  • API integrations with client systems.
  • Automated data collection through Platform usage.
  • User submissions for verification processes.
  • Third-party data providers (with appropriate consent and legal basis).

Zinary carries out the following types of automated processing,

Onboarding and Compliance

When onboarding users, ZinID employs an AI-driven platform designed to streamline and secure the onboarding process. This platform serves as a centralized Know Your Customer (KYC) validaMon and management system, allowing users to securely store, manage, and share their credentials, documents, and idenntity informaMon. Users are assigned a unique eight-digit ID number and a biometric identfier, enabling them to easily retrieve and reuse their informaMon across multiple pladorms. ZinID also applies real-Mme authenMcaMon and re- verificaMon features to maintain the protecMon and accuracy of digital records for both customers and businesses, enhancing the overall user experience and security.

Fraud detection

  • ZinID implements a fraud detecMon and control network based on the anti-fraud checks required by our Clients and those included in our Services by default. Such checks require collecting, analysing, and re-using recorded User data.

  • Generally, ZinID verifies whether a User’s attributes—geolocation (IP address), device signature (operaMng system and camera name), email address, or mobile phone—have previously been involved in or related to any fraudulent acMvity or may currently signal suspicious behaviour paWerns and otherwise point out that the User is fake. At a Client’s order, we may check informaMon with our Data Providers on AML/CFT regulaMons requirements, such as screening through adverse media mentions match or checking for residency in high-risk countries.

Fraud Scoring on IP Adress

ZinID evaluates the risk level of users by analysing their IP addresses, with fraud scores ranging from 0% to 100%. For every Mme a user aWempts to sign up on a Client’s pladorm through ZinID, ZinID collects the user's IP address and performs a fraud assessment on the IP address. Based on this assessment, the IP address is assigned a fraud score. This score helps in monitoring and reporMng potenMal fraudulent acMviMes linked to the IP address. If a user with a high fraud score tries to onboard to a new pladorm, ZinID will automaMcally flag the user's registraMon and keep the vendor informed of the high risk user. This feature is intended to safeguard Client’s systems by miMgaMng the risks associated with fraudulent acMviMes.

IdenIty VerificaIon Checks

  • We conduct identity verificaMon checks on behalf of Clients; however, we do not make any final decisions. Our role is to provide Clients with reports containing informaMon about the idenMty verificaMon process and results (with the reasoning behind them reflecMng the level of fraud or another risk, if any). The reasons are derived from the work of our system and its algorithms, including those based on a symbiosis of machine learning models and human supervision and intervention. The final decision on a User onboarding is made by a human on the Client’s side when the checks' result is transmiWed to the particular Client. Clients consider this informaMon while deciding to accept or decline a User applicaMon, request further checks, or conMnue to service that User following their risk assessment and investigations.

  • Certain ZinID checks may be fully automated due to simplicity, using machine learning, or Clients’ request. When Clients use check results to make final decisions regarding Users undergoing verificaMon, Clients may automate the final decision-making process. When Clients make automated decisions, including those based on our check results, they shall inform you of the legal grounds and, if necessary, obtain your consent. Any User can appeal automated decisions by reviewing the methods provided on a Client's side.

  • This means we may automaMcally decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true idenMty. You have rights in relaMon to automated decision making as set out in clause 19.

  • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, our Clients may refuse to provide the services or financing you have requested, or to employ you, or they may stop providing exisMng services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

KYC and Re-KYC ValidaIon

The ZinID system has a feature that allows for an ongoing KYC. The KYC feature not only verifies provided data with existing data, but also conMnues to revalidate such data across the network each time an identity is presented and re-presented within the network for KYC. Therefore, the system allows for continuous revalidation of identity across all platforms to make sure that changes or updates to a user's data is reflected across the entire network instantly. With this feature we will periodically update KYC information across the entire ZinID network, allowing us to complete the task of updating accurate customer data and ensuring compliance with regulatory requirements in real Mme on behalf of the Clients.

We may share Personal Data with:

  • Service providers: Cloud hosting providers, payment processors, customer support tools.
  • Sub-processors: Third-party services that assist in data processing operations.
  • Legal and regulatory bodies: When required by law, court order, or governmental regulation.
  • Business transfers: In connecMon with a merger, acquisiMon, or sale of assets relaMng to Zinary.
  • Client companies: VerificaMon results and reports for their Users.

Note: We maintain a current list of Our sub-processors, which can be made available to you upon request. We do not sell your personal information to third parties for commercial purposes.

At Zinary, We use administrative, technical, and physical safeguards to protect your Personal Data, taking into account the nature of the Personal Data, the processing of such Personal Data and the threats posed. We implement robust security measures to protect Personal Data, including but not limited to the following:

Encryption

All data is encrypted in transit (SSL/TLS) and at rest using industry-standard encryption protocols.

Authentication

Our systems provide two-factor authentication for Platform access.

Training

We provide Employee training on data protecMon and security best pracMces

Access Control

Strict access controls and logging mechanisms ensure only authorized personnel can access your data on a need-to-know basis.

Secure Infrastructure

Our systems are hosted on secure, certified cloud infrastructure with regular security audits and penetration testing.

Monitoring

24/7 security monitoring and incident response procedures to detect and respond to threats.

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permiWed by law.

When assessing retention periods, We carefully examine whether it is necessary to retain the Personal Data collected and, if retention is required, We work to retain the Personal Data for the shortest possible period permissible under law.

Our retention periods vary based on the type of Personal Data which includes:

  • Client and employee Personal Data: For the duration of the service agreement plus no more than [three (3)] years;
  • User verificaIon data: As specified in our agreement with the Clients, typically three (3) years; and
  • Platform logs and security data: Three (3) years for security and audit purposes.

Depending on your jurisdiction and relationship with Us, you may have the following rights:

1
Right to Access

Request copies of your personal information we hold

2
Right to Rectification

Request correction of inaccurate or incomplete data

3
Right to Erasure

Request deletion of your data (subject to legal requirements)

4
Right to Restrict Processing

Request limitation on how we use your data

5
Right to Data Portability

Receive your data in a structured, machine-readable format

6
Right to Object

Object to processing based on legitimate interests

7
Right to Decision Making

Automated decision-making and profiling

To exercise any of these rights:

Contact our Data Protection Officer using the details in the "Contact Us" section below or send us a written request, dated and signed.

For any right We have Processed based on your consent, you have the right to withdraw your consent to the Processing of your Personal Data at any time without affecting the lawfulness of processing based on consent before its withdrawal

  • 1
    ZinID is an advanced Artificial Intelligence (Al) based system designed to enhance digital identity verification and risk management for its Users. ZinID uses AI and machine learning algorithms for its verification processes.
  • 2
    We are committed to transparency in AI usage and AI is purposefully used to analyse submitted data and determine verification outcomes.
  • 3
    Logic involved: Our AI models use a centralised KYC validaMon and management pladorm, enabling Users to store and manage their credenMals, documents, and idenMty informaMon safely, evaluaMng the risk level of Users by analysing their IP addresses, with fraud scores ranging from 0% to 100%.
  • 4
    Significance and consequences: Verification results may impact Users' ability to access certain services or complete transactions with Zinary’s Clients.
  • 5
    Human intervention: Users have the right to request human review of any decision made solely by automated processing.
  • 6
    Bias mitigation: We regularly audit Our AI systems for potential biases and work to ensure fair outcomes.

We may transfer personal data to countries outside Nigeria. When we do, We ensure appropriate safeguards are in place and transfer such data in accordance with the basis for cross-border transfer of Personal Data as provided in the NDPA, international best practices and applicable international law.

Zinary may process Personal data of children, understood as individuals under the age of majority under national laws of a Client’s country of incorporation, when the Client ensures that the person with parental responsibility for the child has consented to such processing or when the child may consent themselves to the processing according to the naMonal laws without parental consent. As the data controller, it is the Client's responsibility to determine when parental consent is required based on the type of Personal data collected, and to fully understand the regulatory requirements and age restricMons related to processing data without parental consent in the countries where the Client operates and from which it gathers Users. If Zinary becomes aware that a child's Personal data has been submiWed without the necessary parental consent (for instance, through an internal audit), the data may be deleted without undue delay.

At Zinary, We believe that great privacy rests on great security. We use administrative, technical, and physical safeguards to protect the Personal Data of Data Subjects, considering the nature of the Personal Data, the Processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your Personal Data secure.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you of changes:
  • Prominent notice on our platform at least 30 days before changes take effect
  • Email notification to registered applicants for material changes
  • Updated "Last Modified" date at the top of this policy

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights as a Data Subject, please contact us at:

Address

4A Nike Lake Street, Maitama, Abuja, Nigeria