DISCLAIMER

It is important that you read this privacy policy together with any other policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy does not override any other notices and privacy policies that may be published by us for any other reason (i.e promotional offers), rather it supplements them.

There may be third-party sites you may encounter in your use of our website, app, services or any of our other platforms. While we ensure that our third-party service providers are compliant with relevant and applicable data protection laws, we are not responsible, or in any way liable for any data violations that result from your use or interaction with any third-party sites on our platforms. We encourage you to thoroughly and carefully review the privacy policies of any third-party site before engaging them.

Our services are intended for persons who are 18 years of age or older, or the legal age of contractual consent in their jurisdiction of residence, whichever is greater. We do not knowingly collect personal data from persons under this age. If we become aware that we have collected personal data from someone below the minimum required age, we will take immediate steps to delete such information promptly.

By using our website, app, services, and platforms, you hereby declare that you are an adult of consenting age and eligible to use our services and platforms.

1.1 The Type Of Data We Collect:

We collect personal data or personal information which is any information about a person that can be used to identify the person. This does not include data where the identity of the person has been removed (anonymous data). In order to efficiently and effectively provide you with our products and services, and be compliant with enabling regulations for the conduct of our business, we may need to collect, record, use, hold, store, and disclose your personal data which is categorized into the following:

• Personal Identification Information: Name, address, email address, phone number, date of birth, gender and government-issued identification numbers.
• Financial Information: Bank account details, transaction records, and payment information.
• Technical Information: IP address, browser type, operating system, device information, and cookies.
• Usage Data: User behaviour, preferences, and interactions with our services.

1.2 How We Collect Data:

We obtain personal information in various ways, including but not limited to:

• Direct Interactions: Information provided directly by customers through registration, transactions, or customer support.
• Automated Technologies: Data is collected automatically through website cookies, server logs, and blockchain transactions.
• Third Parties: Information received from third-party service providers, partners, and public sources.

2.1 How We Use Your Personal Information

We may use your personal information for one or more of the following purposes;

• Service Delivery: To process transactions, manage accounts and provide customer support.
• Legal Compliance: To comply with legal obligations, prevent fraud, and ensure regulatory compliance.
• Marketing: To send promotional materials and updates, subject to user consent.
• Improvement of Services: To analyze usage patterns and improve service offerings.
• Business Transfers: In connection with any merger, sale of company assets, or acquisition.
• Risk Assessment: To assess financial and insurance risks as well as for audit, compliance and risk management purposes.
• Research and Reporting: To conduct research for analytical purposes, produce reports, and consolidate records.

2.2 Change of purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via our support channels.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

2.3 Disclosure of Personal Information

As a part of providing you with our products and services, and for the management and operations of these products and services, and to comply with legal and regulatory requirements, we may need or be required to disclose information about you and your account with us to the following third parties:

• companies and organisations that act as our agents, affiliates and/or professional advisers;
• companies and organisations that assist us in processing or otherwise fulfilling transactions that you have requested;
• law enforcement, regulatory and governmental agencies;
• your advisers (including but not limited to accountants, auditors, lawyers, financial advisers or other professional advisers) where authorised by you;
• any other person notified by you as authorised to give instructions or to use the accounts, facilities, products or services on your behalf.

The aforementioned third parties may in some instances be located outside of your country.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

3.1 Legal Basis for Data Processing

Our legal basis for data processing includes:

• Consent
• Legal Obligation
• Contract
• Legitimate Interest

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. However, you have the right to withdraw your consent to the processing of your personal data at any time, in accordance with the Nigeria Data Protection Act (NDPA) 2023. Such withdrawal shall not affect the lawfulness of processing carried out based on consent before its withdrawal.

Zabira Digital Services Limited may continue to process your data where there is an alternative legal basis, such as the performance of a contract, compliance with legal obligations or the pursuit of Zabira's legitimate interests which is conducting and managing our business and giving you the best service/product – provided the effect and impact on you do not override such interests (unless we have your consent or are permitted or required to by law). You may obtain more information about how legitimate interests may have any potential impact on you in respect of specific activities by contacting us.

4.1 Data Storage:

Personal data is stored securely on encrypted servers, both locally and in the cloud, ensuring compliance with data protection laws.

Blockchain transaction data is immutable and publicly accessible, with personal information pseudonymized or anonymized where possible.

4.2 Data Security:

Zabira places great importance on ensuring the security of your personal information. We regularly review and implement up-to-date technical and organisational security measures when processing your personal information. Some of our data security measures include:

• Encryption: Encryption of data both in transit and at rest.
• Access Controls: Restriction of access to personal data to authorized personnel only.
• Regular Audits: Regular security audits and assessments to identify and mitigate potential risks.
• Incident Response: A structured incident response plan to address data breaches or security incidents promptly.
• Personnel Management: Employees of Zabira are trained to handle users' personal information securely and with utmost respect, failing which they may be subject to disciplinary action.

Please note that in addition to all our best efforts and reasonable steps to protect your data, we recognize the risks of unethical or unforeseen security breaches, therefore, we have established procedures to deal with any suspected data breach and will notify you and any regulator of a breach where we are legally required to do so. However, we are not liable for breaches arising despite our best efforts.

5.1 International Transfer

As a global company, the personal data we collect from you may be transferred to, processed, and stored in countries other than the country in which the data was originally collected. We ensure that such transfers comply with applicable data protection laws by implementing appropriate safeguards, including:

• Standard Contractual Clauses: Using approved contractual clauses for data transfers.
• Adequacy Decisions: Transferring data to countries recognised by relevant authorities as providing an adequate level of data protection.
• Binding Corporate Rules: Adopting internal policies approved by data protection authorities to safeguard personal data across our group.

Any processing of such information will be undertaken by our staff, or the staff of our third-party service providers, whose roles will include verifying your identity, processing payment details, and providing customer support. By submitting your personal data, you agree to the transfer, storing or processing of it outside of your jurisdiction.

5.2 Third-Party Service Providers

Zabira Digital Services Limited may engage third-party service providers to process personal data on our behalf for purposes such as identity verification, transaction processing, data analytics, cloud storage and communication services.

All such third parties are contractually obligated to comply with applicable data protection laws and are bound by data processing agreements that ensure confidentiality, integrity, and availability of the personal data they process. These providers are only permitted to process data based on Zabira's instructions and for no other purpose.

6.1 Annual Retention Review

Zabira reviews its data retention schedules annually to ensure alignment with applicable regulations, business needs, and data minimization principles. Where legally permissible, we may retain anonymized or aggregated data for analytical or statistical purposes beyond the retention period without further notice.

6.2 Retention of Anonymized Data

Where data is no longer required for the original purpose and has been appropriately anonymized or aggregated to remove any personally identifiable information, Zabira Digital Services Limited may retain such data for analytical, statistical or research purposes. This data will not be used to identify individual and is excluded from data subject rights under this policy.

6.3 Data Deletion and Anonymization

• Personal data that is no longer needed is securely deleted or anonymized.
• Blockchain data cannot be deleted, but personal information within it will be pseudonymized.

8.1 What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

8.2 Time limit to respond

We try to acknowledge all legitimate requests within 24hrs and resolve any queries within three (3) to five (5) business days. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8.3. Acceptance Of Privacy Policy

By accessing and using any of our services, you signify acceptance to the terms of this Privacy Policy. Where we require your consent to process your personal information in a manner other than as contained in this Privacy Policy, we will ask for your consent to the collection, use, and disclosure of your personal information. Zabira may provide additional "just-in-time" disclosures or additional information about the data collection, use and sharing practices of specific products and services. These notices may supplement or clarify Zabira's privacy practices or may provide you with additional choices about how Zabira processes your data. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately discontinue access or use of our services and products.

9.1 Incomplete Personal Information

Where indicated (for example in application forms or account opening forms), it is obligatory to provide your personal information to us to enable us to process your application for our products or services. Should you decline to provide such obligatory personal information, we may not be able to process your application/ request or provide you with our products or services.

9.2 Revisions To This Privacy Policy

This Privacy Policy may be revised from time to time. If there are any material changes, Zabira will notify you (e.g. by email communication or posting a prominent notice). This version was last updated on 16th March, 2026.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.