Privacy Policy
Version: v1 draft
Applies to: ZenWave users in Nigeria
Status: Draft for Nigerian counsel review
This draft is informed by Nigeria's data protection framework, including the Nigeria Data Protection Act and NDPC guidance noted in SOURCES.md. It is not legal advice.
1. What We Collect
ZenWave may collect:
- Account details: name, username, email, phone number, password hash, profile information, interests, and preferences.
- Verification details: OTP status, email status, Trust Passport status, identity/business verification state, and review outcomes.
- Safety data: safety sessions, guardian relationships, check-ins, approximate locations, reports, escalation data, and support evidence.
- Community and content data: posts, messages, listings where enabled, comments, reactions, media, and moderation records.
- Payment readiness data: payment requests, provider references, wallet ledger entries, disputes, refunds, risk reviews, and reconciliation records where enabled.
- Device and security data: IP address, device/session identifiers, audit logs, MFA, passkeys, and account recovery signals.
2. Why We Use Data
We use data to provide accounts, verification, Trust Passport, communities, messaging, support, safety sessions, paid activity gates, fraud prevention, payment readiness, dispute handling, compliance, analytics, security, and product improvement.
We do not treat a privacy notice as consent by itself. Where consent is required, ZenWave should request it separately and clearly.
3. Nigeria-Focused Commitments
ZenWave should keep privacy notices clear and accessible, support data-subject requests, maintain security controls, review high-risk processing, and prepare breach-response procedures. If ZenWave qualifies as a data controller or processor of major importance, registration, audit-return, DPO, DPIA, breach-notification, and additional NDPC obligations may apply.
Product/legal review note: confirm applicable NDPA/NDPC registration, data-protection impact assessment, cross-border transfer, child-user, and breach-notification requirements before launch.
4. Sharing
We may share data with service providers and partners that support hosting, authentication, OTP delivery, email, support, analytics, payment processing, fraud prevention, identity verification, customer support, safety operations, and legal compliance.
Termii OTP use must remain backend-only. Paystack is the primary payment provider target and Flutterwave is fallback/provider-readiness support unless product configuration changes.
5. Public Visibility and Masking
ZenWave may show public profile names, usernames, trust badges, community activity, content, and other user-selected information. We may mask phone numbers, emails, payment details, exact safety locations, and internal trust/fraud signals.
6. Data Rights
Users may request access, correction, deletion, restriction, portability, objection, withdrawal of consent where consent is the lawful basis, or review of certain account decisions through privacy@zenwave.com or support. Some data may be retained where needed for security, fraud, disputes, legal claims, provider rules, audit logs, tax/accounting, safety, or law-enforcement obligations.
7. Retention
Retention periods should match product need, legal obligations, payment-provider rules, safety risk, disputes, fraud prevention, and audit requirements. ZenWave should keep a written retention schedule and destroy or irreversibly de-identify unnecessary data when retention grounds expire. See the Data Retention Policy for operational guidance.
8. Security
ZenWave should use access controls, audit logs, encryption where appropriate, secure OTP handling, provider secrets management, least-privilege staff access, and incident-response procedures. Secrets must not be exposed in the client or public repositories.
9. Contact
Privacy contact: privacy@zenwave.com
Support: support@zenwave.com