Privacy Policy
Last updated: 7 April 2026
Nature of the Service
Zen Pay is a non-custodial, self-custody wallet for USDC on the Base network. Zentech Innovation Ltd does not hold user funds and is not a payment processor, merchant acquirer, money transmitter, or financial institution. KYC/AML for USDC purchases is conducted by our regulated onramp partner(s), who act as independent data controllers for the information they collect during that process.
1. Data Controller
Zentech Innovation Ltd (Company No. 17139132), registered in England and Wales, is the data controller responsible for your personal data when you use the Zen Pay wallet and related services (the "Service").
For data protection queries, contact us at: privacy@zen-pay.net
2. Data We Collect
We collect and process the following categories of personal data:
- Account data: Your email address, used for authentication and communication.
- Wallet data: Your blockchain wallet address on the Base network, transaction history, and wallet balances.
- Identity verification data: Where required for AML/KYC compliance, we may collect identification documents, name, date of birth, and address.
- Technical data: IP address, browser type, device information, and access timestamps collected automatically when you use the Service.
- Usage data: Pages visited, features used, and interactions with the Service for analytics and improvement purposes.
3. How We Use Your Data
We process your personal data for the following purposes:
- Providing and operating the Service, including wallet creation, authentication, and transaction processing.
- Complying with legal and regulatory obligations, including AML/KYC requirements and tax reporting.
- Preventing fraud, money laundering, and other prohibited activities.
- Communicating with you about your account, service updates, or changes to our terms.
- Improving the Service through analytics and performance monitoring.
4. Legal Basis for Processing
We process your data on the following legal grounds under the UK General Data Protection Regulation (UK GDPR):
- Contract: Processing necessary to provide the Service to you.
- Legal obligation: Processing required to comply with applicable laws and regulations, including AML/KYC and financial reporting requirements.
- Legitimate interests: Processing for fraud prevention, security, and service improvement, where these interests are not overridden by your rights.
- Consent: Where applicable, for optional communications or analytics. You may withdraw consent at any time.
5. Third-Party Services
We share data with the following categories of third parties to operate the Service:
- Privy: Our identity and authentication provider. Privy processes your email address and authentication data. See Privy's Privacy Policy.
- Coinbase: Our onramp provider for purchasing USDC. When you fund your wallet, Coinbase may collect payment and identity information. See Coinbase's Privacy Policy.
- Alchemy: Our blockchain infrastructure provider for reading wallet balances and transaction data on the Base network.
- Vercel: Our hosting provider. Vercel may process technical data such as IP addresses and access logs.
We do not sell your personal data to third parties.
6. International Transfers
Some of our third-party service providers are based outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms recognised under UK data protection law.
7. Data Retention
We retain your personal data for as long as your account is active and as needed to provide the Service. After account closure, we may retain certain data for a period necessary to comply with legal obligations (including AML record-keeping requirements, which may require retention for up to five years or longer), resolve disputes, and enforce our terms.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data, subject to legal retention requirements.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@zen-pay.net. We will respond within one month in accordance with UK GDPR requirements.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
10. Cookies
The Service may use essential cookies and local storage for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics data, if collected, is processed in accordance with this policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page reflects the most recent revision.
12. Supervisory Authority
If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: ico.org.uk.
13. Contact
For any questions regarding this Privacy Policy or your personal data, contact:
Zentech Innovation Ltd
Company No. 17139132
Registered in England and Wales
Email: privacy@zen-pay.net