Zirofi Privacy

Zirofi Privacy Policy

This Privacy Policy explains how Zirofi (“we”, “us”, “our”) collects, uses, shares, and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR) and other applicable laws.

By using Zirofi, you agree to the practices described in this policy. If you do not agree, please stop using our services.

1. Who We Are

Zirofi is a trading name of Nexicode Ltd (Company No. 15555102), a UK-based technology company. We provide a payment facilitation platform allowing businesses to request payments via secure bank transfers, powered by Open Banking.

We do not hold or process funds — all transactions are initiated via a regulated third-party Payment Initiation Service Provider (“Payment Provider”).

2. Data We Collect

We only collect the personal data we need to operate our service.

From Business Users:

  • Name, business name, email address, phone number

  • Bank account details (for receiving payments)

  • Usage data (e.g. number of payment requests, logins)

  • IP address, browser and device type

  • Consent logs, legal views, payment action logs

From Payers (your customers):

  • Bank name (when selected)

  • Payment reference and metadata

  • IP address, device/browser details

  • Consent logs and timestamp of interaction

We do not collect or store bank login details or credentials at any point.

3. Why We Collect Your Data

We process personal data for the following reasons:

  • To facilitate payments securely via Open Banking

  • To track payment request usage and ensure audit compliance

  • To provide customer support and respond to enquiries

  • To comply with legal obligations, including fraud prevention and financial regulations

  • To log consent, actions, and legal page views for transparency and data accountability

4. Our Legal Basis

We process your data under the following lawful bases:

  • Contractual necessity – to deliver our services

  • Legitimate interests – for fraud prevention, system security, and usage tracking

  • Legal obligations – where required by regulators

  • Consent – where applicable (e.g. logging of legal terms or optional communications)

5. Joint Controller Responsibilities

For certain Open Banking transactions, Zirofi and our Payment Provider act as joint controllers under GDPR Article 26.

This applies strictly for the purpose of enabling the customer to complete a payment request initiated by the merchant.

In these cases, both parties are responsible for:

  • Informing users how their data is used

  • Enabling data access, correction, or deletion on request

  • Cooperating in the event of a data breach

We have a controller agreement in place with the Payment Provider to uphold these responsibilities.

Controller Statement:

“Zirofi and its regulated partner jointly control certain data solely to fulfil your payment request under GDPR Article 26.”

6. How We Share Data

We may share data with:

  • Our FCA-regulated Payment Provider, for secure payment initiation

  • Service providers (e.g. email, hosting, analytics) under strict confidentiality and data processing agreements

  • Legal authorities if required by law or to comply with investigations

We never sell, rent, or monetise your personal data.

7. International Transfers

Your data is stored in the UK or EU. If data is transferred outside these regions, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Data Retention

We retain data only as long as necessary:

  • Payment logs: up to 5 years for compliance

  • Legal views, consent logs: up to 7 years

  • Account data: for the lifetime of your subscription or until deletion request

9. Your Rights

Under the UK GDPR, you have the right to:

  • Access your data

  • Correct inaccurate data

  • Request erasure (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability (for applicable data)

To exercise any of these rights, email hello@zirofi.co.uk. We will respond within 30 days.

10. Cookies & Tracking

We use cookies and similar technologies to:

  • Enable core functionality (e.g. session management)

  • Improve user experience and performance analytics

You can manage cookie preferences through your browser settings.

11. Data Security

We use industry-grade security practices:

  • SSL encryption

  • Secure access control

  • Regular audits and penetration testing

We log all legal views, consent actions, and payment-related user interactions for accountability and traceability.

12. Updates to This Policy

We may update this Privacy Policy from time to time. You will be notified of any material changes via email or on our website.

13. Contact Us

For any data-related queries:

Email: hello@zirofi.co.uk

Company: Nexicode Ltd (Company No. 15555102)

By using Zirofi, you confirm that you have read and understood this Privacy Policy and agree to its terms.