Privacy Policy

Version 3.0 - Effective Date: 24th February 2026 - Last Updated: February 2026

1. INTRODUCTION

This Privacy Policy explains how Jenzy collects, uses, discloses, and protects your personal data when you use our platform or interact with us in connection with our services.

Jenzy operates through two legal entities:

• Jenzy Systems Limited, incorporated in Nigeria with company registration number RC 9245144, registered at 6 Iboko Road, Akute-Ishashi, Ifo, Ogun State, Nigeria; and

• Jenzy Ltd, incorporated in England and Wales with company registration number 16183483, registered at 20 Wenlock Road, London, N1 7GU, United Kingdom.

Together these entities are referred to in this policy as "Jenzy", "we", "us", or "our". The entity acting as data controller in respect of your personal data will depend on where you are located and which entity you contract with. Nigerian customers and counterparties will primarily interact with Jenzy Systems Limited. UK and international customers will primarily interact with Jenzy Ltd. Where both entities process your data, both may act as independent controllers.

Jenzy is a technology and payment-orchestration platform. Jenzy does not hold, custody, or transmit funds on its own account. All regulated financial activities - including settlement, foreign exchange conversion, and on/off-ramp functions - are carried out by Jenzy's licensed Regulated Partners (CBN-licensed and/or SEC-licensed banks, payment service providers, and virtual asset service providers). This means your financial data may be shared with those Regulated Partners as part of processing your transactions.

2. SCOPE OF THIS POLICY

This policy applies where:

• You are an end user of the Jenzy platform or any product or service offered by Jenzy;

• You are a representative, director, beneficial owner, or shareholder of one of our business or institutional clients; or

• You otherwise interact with us, including through our website, API, or support channels.

3. DATA WE COLLECT

3.1. Information You Provide to Us

This includes information you provide when you sign up, complete forms, or communicate with us, such as:

• Full name

• Date of birth

• Contact details (email address, phone number, postal address)

• Country of residence

• Government-issued ID or passport information

• Bank account details or payment credentials (shared securely with our Regulated Partners)

• Photograph (for identity verification purposes)

• On-chain wallet address (for virtual asset-related transactions)

• Business name, industry, and registration details (for business clients)

• Information about beneficial owners, authorised users, or contact persons (for business clients)

3.2. Information We Collect or Generate About You

• We may also collect or generate:

• Transaction data (including date, amount, currency, counterparty details, payment method, status, and history)

• Device and usage information relating to your interaction with our platform (including IP address, browser type, operating system, and session data)

• Records of our communications with you (including emails, support chats, and call notes)

• Cookies and similar tracking technologies (see Section 10 below)

3.3. Information We Obtain From Third Parties

We may receive personal data about you from:

• KYC/KYB (Know Your Customer / Know Your Business) partners who conduct identity verification and background screening

• Sanctions screening and adverse media providers

• Wallet screening and transaction monitoring providers

• Licensed financial partners and payment processors as necessary to process transactions and comply with regulatory requirements

• Publicly available sources, including company registries and regulatory databases

4. HOW WE USE YOUR PERSONAL DATA

4.1. For End Users

We may use your personal data to:

• Verify your identity and confirm you have the legal authority and capacity to conduct transactions

• Ensure you are not associated with fraud, sanctions violations, money laundering, or other prohibited activities Process your cross-border payment requests through our Regulated Partners

• Communicate with you regarding your transactions, account, or our services

• Comply with legal, regulatory, and tax obligations

• Detect, prevent, and investigate fraud, security incidents, and technical issues

• Maintain, operate, and improve our platform and services

4.2. For Business Clients and Their Representatives

We may use personal data relating to business clients and their representatives to:

• Verify your organisation, its beneficial owners, authorised users, and contact persons

• Assess eligibility to use our services Conduct background checks relating to fraud, sanctions, and regulatory compliance

• Communicate with you regarding your organisation's use of our services

• Process transactions and facilitate payment flows through our Regulated Partners

• Comply with legal and regulatory obligations applicable to your organisation

5. LEGAL BASES FOR PROCESSING

We process your personal data on one or more of the following legal bases, as applicable under the Nigeria Data Protection Act 2023 (NDPA), the UK General Data Protection Regulation (UK GDPR), and where applicable the EU GDPR:

• Legal and regulatory obligations: To comply with applicable laws and regulations, including anti-money laundering and counter-terrorist financing (AML/CFT) requirements, sanctions compliance, tax reporting, and financial services regulations.

• For Nigerian customers, this includes compliance with the Money Laundering (Prevention and Prohibition) Act 2022, the CBN AML/CFT regulations, and the NDPA 2023.

• Contractual necessity: To perform our obligations under the agreement we have with you or your organisation, including processing transactions and providing access to the platform.

• Legitimate interests: Where processing is necessary for our legitimate business interests (or those of our Regulated Partners), such as operating our platform, preventing fraud, protecting the security of our services, and improving our products, provided those interests are not overridden by your rights and interests.

• Consent: Where you have given us explicit consent to process your data in a specific way. You may withdraw consent at any time, though this will not affect processing carried out before withdrawal, and we may continue to process your data where another legal basis applies.

• Establishment, exercise, or defence of legal claims: Where processing is necessary for legal proceedings or to establish, exercise, or defend our legal rights.

6. DISCLOSURE OF YOUR PERSONAL DATA

We restrict access to your personal data to those who have a legitimate need to use it for the purposes described in this policy.

6.1. Regulated Partners and Service Providers

We may share your personal data with:

• Licensed financial institutions, banks, and payment processors who handle the transfer of funds on your behalf KYC/KYB providers and compliance vendors who conduct identity verification and background screening

• Wallet screening and transaction monitoring providers

• Data storage and cloud infrastructure providers

• Analytics and reporting providers

All third parties are subject to contractual obligations requiring them to protect your personal data and use it only for the purposes described in this policy.

6.2. Within the Jenzy Group

Personal data may be shared between Jenzy Systems Limited and Jenzy Ltd where necessary to operate our services and for internal administrative purposes, subject to appropriate safeguards.

6.3. Business Transfers

We may disclose your personal data if we sell or transfer any part of our business or assets, in which case personal data may be disclosed to prospective buyers as part of due diligence. If we are acquired by a third party, personal data held by us will be transferred to the acquiring entity.

6.4. Legal and Regulatory Requirements

We may disclose your personal data where required to do so by law or regulation, to comply with a court order or government request, or to establish, exercise, or defend our legal rights.

We do not share your personal data with third parties for their own marketing purposes without your explicit consent.

6.5. No Direct Contact with Counterparty Customers

Where Jenzy provides services to a business client who has its own end customers, Jenzy will not use personal data obtained through that relationship to directly contact or market to those end customers without the prior written consent of the business client, except where required by law.

7. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to, stored in, or accessed from countries outside Nigeria, the United Kingdom, or the European Economic Area (EEA), including to our Regulated Partners and service providers operating in other jurisdictions.

Where we transfer personal data internationally, we ensure it is protected by appropriate safeguards, which may include:

• Transfers to countries formally recognised as providing an adequate level of data protection under applicable law

• Standard contractual clauses approved by the relevant regulatory authority (including the NDPC, ICO, or European Commission as applicable)

Binding corporate rules or other contractual protections obliging recipients to protect your personal data

You may request details of the safeguards applicable to any specific transfer by contacting us using the details in Section 12 below.

8. RETENTION OF PERSONAL DATA

We retain your personal data only for as long as necessary for the purposes for which it was collected or as required by law.

Retention periods are determined by:

• Purpose of use: We retain data for the duration of your relationship with us and as needed to fulfil transactions and provide services.

• Legal obligations: Applicable laws and regulations may require us to retain data for minimum periods, particularly for AML/CFT, tax, and financial regulatory purposes. Under Nigerian law, this is generally a minimum of five (5) years following the end of a business relationship.

• Dispute resolution: We may retain data where necessary to resolve disputes, respond to complaints, or defend legal claims.

• Legitimate business interests: We may retain anonymised or aggregated data for analytics, product improvement, and business reporting purposes.

When personal data is no longer required, we will securely delete or anonymise it, unless we have a legal obligation or overriding legitimate interest to retain it.

9. YOUR RIGHTS

You have the following rights in relation to the personal data we hold about you, subject to applicable law and certain conditions and exceptions:

• Right of access: You can request a copy of the personal data we hold about you and information about how we process it.

• Right to rectification: You can request that we correct inaccurate or incomplete personal data.

• Right to erasure: In certain circumstances, you can request that we delete your personal data. We may be legally required to retain some data, particularly for AML/CFT and regulatory compliance purposes.

• Right to restrict processing: In certain circumstances, you can request that we restrict our processing of your personal data.

• Right to data portability: In certain circumstances, you can receive personal data you have provided to us in a structured, commonly used, machine-readable format and request that we transmit it to another controller where technically feasible.

• Right to object: In certain circumstances, you can object to our processing of your personal data, including where we process it on the basis of legitimate interests.

• Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

• Right to lodge a complaint: You have the right to lodge a complaint with the relevant data protection authority:

  • For Nigerian users: Nigeria Data Protection Commission (NDPC) - www.ndpc.gov.ng

  • For UK users: Information Commissioner's Office (ICO) - www.ico.org.uk

  • For EU users: Your national data protection authority

To exercise any of your rights, please contact us using the details in Section 12 below. We will respond within the timeframe required by applicable law (within 30 days under the NDPA, and within one month under UK/EU GDPR, with the possibility of extension where permitted by law).

10. COOKIES AND TRACKING TECHNOLOGIES

Our platform and website may use cookies and similar tracking technologies to operate and improve our services, analyse usage, and support security. Cookies are small text files stored on your device when you visit our platform.

We may use the following types of cookies:

• Essential cookies: Necessary for the platform to function. These cannot be disabled.

• Analytics cookies: Help us understand how users interact with our platform so we can improve it.

• Security cookies: Used to detect and prevent fraudulent activity.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our platform. Where required by law, we will obtain your consent before placing non-essential cookies.

11. DATA SECURITY

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we use commercially reasonable means to protect your personal data, we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authority and, where required, affected individuals, within the timeframes prescribed by applicable law.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our platform and/or by emailing the address associated with your account. Your continued use of Jenzy after the updated policy is posted will constitute your acceptance of those changes where permitted by law.

13. CONTACTING US

If you have any questions about this Privacy Policy, wish to exercise any of your rights, or would like more information about how we process your personal data, please contact us at:

Email: hello@jenzy.com

Jenzy Systems Limited 6 Iboko Road, Akute-Ishashi, Ifo, Ogun State, Nigeria RC 9245144

Jenzy Ltd 20 Wenlock Road, London, N1 7GU, United Kingdom Company No. 16183483

We will endeavour to respond promptly and within the time limits set by applicable data protection law.