Privacy Policy

1. Data Controller

ZuriPay, operated by Lioncap Ventures (Private) Limited, is the data controller responsible for your personal data. For data protection inquiries, contact us at [email protected] or [email protected].

2. Information We Collect

We collect different categories of information depending on how you interact with our Services:

2.1 Account Information

• Business name, registration details, and trading name
• Contact person name, email address, and phone number
• Physical and postal address
• Bank account and settlement details
• National identification or passport number (for KYC verification)
• Tax registration number where applicable

2.2 Transaction Data

• Payment amounts, currencies, and transaction references
• Payment method used (card, EcoCash, ZimSwitch, payment link)
• Transaction timestamps and status
• Customer email addresses provided during checkout
• Settlement amounts and dates

2.3 Technical Data

• IP address and approximate geolocation
• Browser type, version, and operating system
• Device identifiers and screen resolution
• Pages visited on our website and interaction patterns
• Referral source and session duration

2.4 API Usage Data

• API request logs (endpoint, timestamp, response status)
• Integration configuration details
• Webhook delivery logs

3. Legal Basis for Processing

In accordance with the Zimbabwe Cyber and Data Protection Act and the GDPR, we process your personal data on the following legal bases:

• Contractual necessity: Processing required to provide our payment processing services as agreed in our Terms of Service.
• Legal obligation: Processing required to comply with anti-money laundering (AML), know-your-customer (KYC) regulations, tax reporting, and Reserve Bank of Zimbabwe directives.
• Legitimate interest: Processing for fraud prevention, service improvement, and security monitoring, where these interests are not overridden by your data protection rights.
• Consent: Where required, we obtain explicit consent for marketing communications and non-essential cookies.

4. How We Use Your Information

• Processing and settling payment transactions
• Account creation, verification, and management
• Fraud detection, prevention, and investigation
• Compliance with KYC/AML regulations and Reserve Bank directives
• Providing customer support and technical assistance
• Sending service-related notifications (transaction alerts, settlement confirmations)
• Generating reports and analytics on your dashboard
• Improving our Services, including performance and user experience
• Marketing communications (only with your explicit consent)
• Enforcing our Terms of Service and preventing abuse

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Payment processors and banks: To process card transactions, EcoCash payments, and ZimSwitch transactions (e.g., acquiring banks, mobile money operators, ZimSwitch network).
• Regulatory authorities: When required by law, including the Reserve Bank of Zimbabwe, Zimbabwe Revenue Authority (ZIMRA), Financial Intelligence Unit, and the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).
• Service providers: Cloud hosting, email delivery, analytics, and fraud detection providers who process data on our behalf under strict contractual obligations.
• Legal proceedings: When necessary to respond to legal process, enforce our agreements, or protect our rights and the safety of our users.

6. International Data Transfers

Some of our service providers operate outside Zimbabwe. When we transfer personal data internationally, we ensure adequate safeguards are in place as required by the Cyber and Data Protection Act, including contractual data protection clauses, encryption in transit and at rest, and selecting providers in jurisdictions with adequate data protection frameworks. We prioritise service providers that maintain compliance with international data protection standards.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the duration of your account and for 7 years after account closure (as required by financial regulations).
• Transaction records: Retained for a minimum of 7 years for tax, audit, and regulatory compliance purposes.
• Technical logs: Retained for up to 12 months for security and debugging purposes.
• Marketing preferences: Retained until you withdraw consent or unsubscribe.

8. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including: TLS encryption for all data in transit; encryption at rest for sensitive data; access controls and authentication for all systems; regular security assessments and monitoring; separate staging and production environments; audit logging of all access to personal data; and incident response procedures. While no system is completely secure, we continuously work to strengthen our protections and respond promptly to any security incidents.

9. Your Rights Under Data Protection Law

Under the Zimbabwe Cyber and Data Protection Act and applicable international data protection laws, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing (subject to legal retention requirements).
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to data portability: Receive your personal data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time.
• Right to lodge a complaint: File a complaint with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) or the relevant data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies for the following purposes:

• Essential cookies: Required for the website and dashboard to function (session management, authentication). Cannot be disabled.
• Preference cookies: Remember your settings such as theme preference (light/dark mode).
• Analytics cookies: Help us understand how visitors interact with our website to improve our services. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of our Services.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered account email address and/or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices: