Privacy Policy for Zylu
Last updated on June 4, 2025
1. Introduction
Zylu ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our remittance and virtual card services, or when you interact with our website, including joining our waitlist. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Zylu or providing your information to us, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.
2. Information We Collect
We collect several types of information to provide and improve our services.
Why we collect this information: We collect this information to provide you with our remittance and virtual card services, comply with legal and regulatory requirements, prevent fraud, and improve our services.
What we collect:
• Personal Information: Name, email, phone number, date of birth, nationality, and residential address
• Financial Information: Bank account details, transaction history, and payment information
• Identity Verification: Government-issued ID, passport, or other identification documents
• Transaction Data: Details of your remittances, including recipient information, amounts, and timestamps
• Device Information: IP address, browser type, device type, and operating system
• Usage Data: How you interact with our platform, including features used and time spent
• Waitlist Information: When you join our waitlist, we collect your email address, country preferences (if provided), and consent timestamp. This information is used solely to notify you when our service launches.
3. Legal Basis & Consent
We collect and process your data only for clear, specific purposes. For example, when you join our waitlist, we collect your email address solely to notify you when our service launches.
Explicit Consent: When you sign up for our waitlist, we use an explicit consent mechanism. The consent checkbox on our signup form is unchecked by default, and you must actively check it to provide your consent. This ensures that your consent is freely given, specific, and informed.
Consent Recording: When you provide consent, we record:
• Consent timestamp: The exact date and time when you provided consent
• Consent status: Whether consent was given or withdrawn
You have the right to withdraw your consent at any time by contacting us at support@zylufinance.com.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal bases:
• Consent: When you join our waitlist, you provide explicit consent for us to process your email address and related information to notify you when our service launches
• Contract Performance: To provide and maintain our remittance services and process transactions
• Legal Obligation: To comply with anti-money laundering (AML), know-your-customer (KYC) regulations, and other legal requirements
• Legitimate Interests: To improve our services, detect and prevent fraud, and ensure security
You have the right to withdraw your consent at any time by contacting us at support@zylufinance.com or by using our data deletion request process.
5. How We Use Your Information
We use the collected information for various purposes:
• To provide and maintain our remittance services
• To process your transactions and issue virtual cards
• To verify your identity and prevent fraud
• To comply with anti-money laundering (AML) and know-your-customer (KYC) regulations
• To communicate with you about your account and transactions
• To improve our services and develop new features
• To detect and prevent fraudulent activities
• Waitlist Information: We use your waitlist information solely to notify you when Zylu launches and to provide you with early access information. We do not use waitlist data for marketing purposes without your explicit consent. We process waitlist data based on your explicit consent, which you can withdraw at any time.
6. Data Storage Location
Your personal data is stored and processed using Supabase, a cloud database service. Supabase stores data in the United States of America. When you provide information to us, including when you join our waitlist, your data is stored in Supabase's secure database infrastructure located in the United States. This means your data may be transferred to and stored in a country different from your country of residence.
We have implemented appropriate safeguards to protect your data, including:
• Encryption of data in transit and at rest
• Standard contractual clauses with our data processors
• Compliance with international data protection standards
• Regular security assessments of our data storage infrastructure
7. International Data Transfers
As a global remittance service, your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
We ensure appropriate safeguards are in place to protect your information, including:
• Standard contractual clauses
• Data processing agreements
• Compliance with international data protection standards
• Regular security assessments of our international operations
8. Financial Data Protection
We implement robust security measures to protect your financial information:
• End-to-end encryption for all transactions
• Secure storage of payment information
• Regular security audits and penetration testing
• Multi-factor authentication for account access
• Real-time fraud monitoring and detection
• Compliance with PCI DSS standards for payment processing
9. Regulatory Compliance
We comply with various financial regulations and data protection laws:
• Anti-Money Laundering (AML) regulations
• Know Your Customer (KYC) requirements
• General Data Protection Regulation (GDPR)
• Local financial services regulations
• International sanctions and compliance requirements
10. Data Retention
We retain your information for as long as necessary to:
• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
Retention Periods:
• Financial records: Typically retained for 7 years to comply with regulatory requirements
• Waitlist data: Retained until you request deletion or until the service launches and you are notified
• Account information: Retained for the duration of your account and for a reasonable period after account closure to comply with legal obligations
You may request deletion of your waitlist information at any time by contacting us at support@zylufinance.com.
11. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:
• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your data, including waitlist information, subject to legal requirements
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request your data in a structured, machine-readable format
• Right to Object: You can object to processing of your data for certain purposes
• Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: You have the right to file a complaint with your local data protection supervisory authority
To exercise any of these rights, please contact us at support@zylufinance.com. We will respond to your request within one month. For waitlist data deletion, you can also use our automated deletion process.
12. Third-Party Services
We work with trusted third parties to provide our services:
• Banking partners for payment processing
• Identity verification services
• Cloud service providers
• Analytics and security services
All third parties are bound by strict confidentiality and data protection agreements.
13. Security Measures
We implement comprehensive security measures:
• Advanced encryption for data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Monitoring and logging of system activities
• Incident response and recovery procedures
• Employee security training and awareness programs
14. Documentation and Record Keeping
We maintain comprehensive documentation and records to ensure compliance with data protection regulations:
What We Document:
• Data Collection: We document what data we collect and the specific purposes for which it is collected (as outlined in Section 2 of this policy)
• Data Storage: We document where your data is stored (Supabase, United States of America, as detailed in Section 6)
• Legal Agreements: We maintain signed Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) with our data processors, including Supabase
• Consent Logs: We maintain detailed consent logs that record:
  - Consent timestamp (date and time)
  - Consent status (given or withdrawn)
  - Method of consent (e.g., waitlist signup form)
Review and Updates: We regularly review and update our documentation when:
• Our data collection practices change
• We switch or add new data storage vendors
• Our system architecture or data processing changes
• Legal or regulatory requirements change
This documentation helps us maintain transparency, comply with regulations, and respond to data subject requests efficiently.
15. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.
17. Data Controller and Contact Information
Zylu is the data controller for the personal data we collect and process.
Contact Email: support@zylufinance.com
For Access Requests: To request a copy of the personal data we hold about you, please email us at support@zylufinance.com with the subject line "Data Access Request" and include your email address or account identifier.
For Deletion Requests: To request deletion of your personal data, including waitlist information, please email us at support@zylufinance.com with the subject line "Data Deletion Request" or "Waitlist Data Deletion Request" and include the email address associated with your account or waitlist entry.
For Consent Withdrawal: To withdraw your consent for data processing (including waitlist consent), please email us at support@zylufinance.com with the subject line "Consent Withdrawal Request" and include the email address associated with your account or waitlist entry.
For Other Data Requests: For any other data-related requests (correction, portability, restriction of processing), please email us at support@zylufinance.com with the subject line "Privacy Request" or "GDPR Request" and describe your request.
Response Time: We will respond to all requests within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by up to two additional months, and we will inform you of any such extension.
Complaints: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en
By using Zylu, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.