This Privacy Policy explains how Zirofi (“we”, “us”, “our”) collects, uses, shares, and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR) and other applicable laws.
By using Zirofi, you agree to the practices described in this policy. If you do not agree, please stop using our services.
1. Who We Are
Zirofi is a trading name of Nexicode Ltd (Company No. 15555102), a UK-based technology company. We provide a payment facilitation platform allowing businesses to request payments via secure bank transfers, powered by Open Banking.
We do not hold or process funds — all transactions are initiated via a regulated third-party Payment Initiation Service Provider (“Payment Provider”).
2. Data We Collect
We only collect the personal data we need to operate our service.
From Business Users:
Name, business name, email address, phone number
Bank account details (for receiving payments)
Usage data (e.g. number of payment requests, logins)
IP address, browser and device type
Consent logs, legal views, payment action logs
From Payers (your customers):
Bank name (when selected)
Payment reference and metadata
IP address, device/browser details
Consent logs and timestamp of interaction
We do not collect or store bank login details or credentials at any point.
3. Why We Collect Your Data
We process personal data for the following reasons:
To facilitate payments securely via Open Banking
To track payment request usage and ensure audit compliance
To provide customer support and respond to enquiries
To comply with legal obligations, including fraud prevention and financial regulations
To log consent, actions, and legal page views for transparency and data accountability
4. Our Legal Basis
We process your data under the following lawful bases:
Contractual necessity – to deliver our services
Legitimate interests – for fraud prevention, system security, and usage tracking
Legal obligations – where required by regulators
Consent – where applicable (e.g. logging of legal terms or optional communications)
5. Joint Controller Responsibilities
For certain Open Banking transactions, Zirofi and our Payment Provider act as joint controllers under GDPR Article 26.
This applies strictly for the purpose of enabling the customer to complete a payment request initiated by the merchant.
In these cases, both parties are responsible for:
Informing users how their data is used
Enabling data access, correction, or deletion on request
Cooperating in the event of a data breach
We have a controller agreement in place with the Payment Provider to uphold these responsibilities.
Controller Statement:
“Zirofi and its regulated partner jointly control certain data solely to fulfil your payment request under GDPR Article 26.”
6. How We Share Data
We may share data with:
Our FCA-regulated Payment Provider, for secure payment initiation
Service providers (e.g. email, hosting, analytics) under strict confidentiality and data processing agreements
Legal authorities if required by law or to comply with investigations
We never sell, rent, or monetise your personal data.
7. International Transfers
Your data is stored in the UK or EU. If data is transferred outside these regions, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
8. Data Retention
We retain data only as long as necessary:
Payment logs: up to 5 years for compliance
Legal views, consent logs: up to 7 years
Account data: for the lifetime of your subscription or until deletion request
9. Your Rights
Under the UK GDPR, you have the right to:
Access your data
Correct inaccurate data
Request erasure (“right to be forgotten”)
Restrict or object to processing
Data portability (for applicable data)
To exercise any of these rights, email hello@zirofi.co.uk. We will respond within 30 days.
10. Cookies & Tracking
We use cookies and similar technologies to:
Enable core functionality (e.g. session management)
Improve user experience and performance analytics
You can manage cookie preferences through your browser settings.
11. Data Security
We use industry-grade security practices:
SSL encryption
Secure access control
Regular audits and penetration testing
We log all legal views, consent actions, and payment-related user interactions for accountability and traceability.
12. Updates to This Policy
We may update this Privacy Policy from time to time. You will be notified of any material changes via email or on our website.
13. Contact Us
For any data-related queries:
Email: hello@zirofi.co.uk
Company: Nexicode Ltd (Company No. 15555102)
By using Zirofi, you confirm that you have read and understood this Privacy Policy and agree to its terms.