Article 3.1: Zero-Sale Policy
Zelencio maintains a strict "Zero-Sale" policy regarding your Personal Identifiable Information (PII). We do not sell, rent, or trade your KYC data, biometric records, or transaction history to third-party marketing firms or data brokers for commercial purposes. Your data is used exclusively to facilitate the services you have requested and to maintain platform security.
Article 3.2: Data Sharing with Other Users
To enable the functional features of a Peer-to-Peer (P2P) marketplace and social ecosystem, Zelencio facilitates the limited sharing of data between users:
3.2.1. P2P/C2C Trading: When you enter an active trade, your username and any payment details you have configured (e.g., Bank Name and Account Number) are shared with your counterparty to facilitate the fiat transfer.
3.2.2. Internal Transfers and Vouchers: When sending or receiving assets via ZIN or Zelencio Codes, the involved parties may see the other’s username and profile picture to verify the recipient’s identity.
3.2.3. Escrow Hub: If a Middle Man is involved in a digital product trade, they will have access to the trade chat and any "Item Proof" screenshots uploaded by the Buyer or Seller to perform their duty.
Article 3.3: Disclosure to Third-Party Service Providers
Zelencio partners with specialized service providers to enhance platform functionality. We only share the minimum amount of data necessary:
3.3.1. Non-Confidential Media Hosting: Profile pictures, P2P chat attachments, and Escrow "Item Proof" screenshots are processed and hosted by Cloudinary. These files are transmitted via encrypted channels and are subject to Cloudinary’s security protocols.
3.3.2. Communications (SMS/Email): We share your phone number and email with authorized telecommunications gateways to deliver One-Time Passwords (OTP) and critical security alerts.
3.3.3. Support and AI Systems: Data from your support tickets may be processed by AI-driven support tools to provide rapid 24/7 assistance.
Article 3.4: Payment Gateways and Fiat-to-Crypto Providers
As part of our licensing strategy, Zelencio utilizes secure WebViews to connect users with licensed third-party payment processors:
3.4.1. Independent Controllers: Providers such as Paystack, Flutterwave, and Stripe operate as independent data controllers. When you enter payment details into their secure WebView interface, that data is processed directly by them under their own Privacy Policies.
3.4.2. Confirmation Data: Zelencio only receives a technical "success" or "failure" signal from these providers to update your account balance. We do not store your full credit card numbers or banking passwords on our servers.
Article 3.5: Legal and Regulatory Disclosures
Zelencio may be legally compelled to disclose your information to government authorities or law enforcement agencies (e.g., the EFCC or SEC in Nigeria) in the following circumstances:
3.5.1. Court Orders: Upon receipt of a valid subpoena, court order, or search warrant.
3.5.2. Mandatory Reporting: To report suspicious activity as required by international Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws.
3.5.3. Platform Protection: When we believe in good faith that disclosure is necessary to prevent physical harm, financial loss, or to report suspected illegal activity.
Article 3.6: Technical Security and Data Storage
Zelencio employs enterprise-grade technical safeguards to protect your data from unauthorized access or alteration:
3.6.1. Encrypted Internal Servers: All sensitive KYC documents, liveness videos, and the Zelencio Internal Ledger are stored on proprietary, high-security servers. This data is protected using AES-256 encryption at rest and TLS 1.2/1.3 encryption during transmission.
3.6.2. Server Segregation: We maintain a strict boundary between our internal "Financial/Identity Core" and third-party media storage. Confidential identity data is never stored on third-party media clouds.
3.6.3. Firewall and Monitoring: Our infrastructure is protected by advanced firewalls and 24/7 intrusion detection systems (IDS) to monitor for malicious activity or Zero-Day vulnerabilities.
3.6.4. Employee Access: Access to sensitive user data is strictly limited to authorized "Compliance Officers" and "Security Personnel" on a "Need-to-Know" basis, and all access is audited.