Privacy Policy

1. Legal Basis & Applicability

This Privacy Policy is governed by applicable Indian laws, including:

• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023
• Applicable Reserve Bank of India (RBI) regulations

This Policy applies to all users of Zeyro's platforms located in India. Zeyro currently does not offer services outside India.

2. What Information We Collect

We collect only information that is relevant, lawful, and necessary to provide our services, comply with regulations, and improve your experience.

A. Personal Identification Information

Name, age, gender, email address, and mobile number — collected during account creation and used solely to identify and communicate with you.

B. KYC & Regulatory Information

PAN, video or digital KYC verification, and other documents required under applicable financial regulations.

C. Financial Information

With your explicit consent, we collect bank account details, balances, transaction history, spending patterns, investment details, and portfolio data. This data is used solely to provide Zeyro's financial management and AI intelligence features.

D. Authentication & Security Information

OTPs, device-based security signals, and session credentials used to protect and verify your account.

E. Device & Technical Information

Device identifiers, operating system version, app version, IP address, and anonymised usage analytics collected automatically when you use the Zeyro iOS app or web platform.

F. AI-Processed Data

When you use Zeyro's AI-powered features, certain financial data is processed by Zeyro's AI infrastructure to generate personalised insights and recommendations. Full details are provided in Section 4A.

G. iOS App Data

When you use our iOS application, we collect the data types listed in our App Store privacy nutrition label, accessible on our App Store listing. All data collected through the iOS app is subject to this Privacy Policy and Apple's App Store Review Guidelines.

3. When We Collect Information

Your information may be collected when you:

• Visit or create an account on the Zeyro platform or iOS app
• Complete onboarding, KYC verification, or account setup
• Link your bank account or financial instruments
• Interact with the Zeyro AI, budgeting tools, or goal features
• Use the AI chat or request financial insights
• Communicate with our support team
• Respond to in-app notifications or prompts

4. How and Why We Use Your Information

• Creating and managing your user account
• Verifying your identity and access rights
• Conducting mandatory KYC and regulatory checks
• Providing and continuously improving financial products and services
• Generating AI-powered financial insights and recommendations
• Processing transactions and standing instructions
• Sending service communications, alerts, and security notifications
• Ensuring platform security and fraud prevention
• Complying with applicable laws and regulatory obligations
• Improving the accuracy and relevance of AI-generated insights

4A. Use of AI Services — Third-Party Data Processing

This section specifically addresses Apple App Store Review Guidelines 5.1.1(i) and 5.1.2(i) regarding third-party AI data sharing.

Zeyro is an AI-native financial companion. Its core features — including financial insights, budget intelligence, spending analysis, and conversational guidance — are powered by artificial intelligence. To deliver these features, certain user data is transmitted to Zeyro's AI processing infrastructure.

What data is sent for AI processing:

• Transaction history and spending patterns
• Account balances and net worth data
• Financial goals and savings milestones
• Budget configurations and category limits
• Anonymised behavioural signals and app interaction data
• Queries and messages entered into the Zeyro AI chat

Who processes this data:

Zeyro's AI features are powered by a combination of AI model providers and Zeyro's own proprietary AI infrastructure. These providers are carefully selected based on security compliance, data protection standards, and contractual commitments. All AI processing partners are:

• Bound by strict data processing agreements with Zeyro
• Prohibited from using your data for any purpose beyond delivering Zeyro's features
• Prohibited from training their own AI models on your personal financial data
• Required to maintain security standards equivalent to or exceeding Zeyro's own
• Not permitted to sell, share, or transfer your data to any third party

How this data is used:

• To generate personalised financial insights visible only to you
• To power the Zeyro AI chat and recommendation engine
• To identify spending trends and suggest budget optimisations
• To forecast end-of-month financial positions
• To surface behavioural guardrails and impulse spend alerts

What this data is NOT used for:

• Advertising, retargeting, or marketing of any kind
• Sale or transfer to data brokers
• Building advertising profiles or tracking user behaviour across apps
• Any purpose beyond delivering Zeyro's stated in-app features

Your consent to AI data processing is obtained explicitly within the app during onboarding, before any financial data is transmitted to AI processing systems. As Zeyro is an AI-native product, AI processing is fundamental to the app experience. If you do not consent to AI data processing, you may request account deletion at any time via Settings → Delete Account or by emailing connect@zeyro.in.

5. Third-Party Service Providers

Zeyro uses trusted third-party service providers to operate its platform, including cloud infrastructure providers, analytics services, KYC verification partners, payment processors, and AI model providers. All third-party providers are:

• Contractually bound to protect your data under terms no less protective than this Privacy Policy
• Prohibited from using your data for independent commercial purposes
• Required to comply with applicable data protection laws including the DPDPA 2023
• Subject to regular compliance review by Zeyro

Zeyro does not sell or rent your Personal Information to any third party. Information may be shared with regulated financial institutions or legal authorities only when required by applicable law.

6. Tracking & Advertising

Zeyro does not track users for advertising purposes. Specifically:

• Zeyro does not link your data with third-party data for advertising
• Zeyro does not share your data with advertising networks or data brokers
• Zeyro does not use your data to build advertising profiles
• Zeyro does not serve third-party advertisements within the app

All data collected by Zeyro is used exclusively for delivering and improving Zeyro's financial management features.

7. Cookies & Similar Technologies

Zeyro uses cookies and similar technologies to understand how users interact with the platform, improve navigation, and enhance security. Cookies are not used for advertising tracking purposes and do not store sensitive Personal Information.

8. Storage & Retention of Data

Personal Information is stored securely, primarily within India, using bank-grade encryption and strict access controls. Data is retained only as long as necessary for the stated purpose or as required by applicable law. When data is no longer required, it is securely deleted or irreversibly anonymised.

9. Security Practices

Zeyro uses multiple layers of security to protect your data, including:

• End-to-end encryption for all data in transit (TLS 1.2+) and at rest (AES-256)
• Firewalls and intrusion detection systems
• Periodic third-party security audits and vulnerability assessments
• Role-based access controls — no employee has unrestricted access to user data
• Secure API design with token-based authentication

While we take all reasonable precautions, no system is completely immune to risk. We encourage users to protect their account credentials and report suspicious activity to connect@zeyro.in immediately.

10. Third-Party Links

The Zeyro platform may contain links to third-party services or websites that operate independently and have their own privacy policies. Zeyro is not responsible for the privacy practices or content of linked third-party services.

11. Your Consent & Rights

By using Zeyro, you consent to the processing of your information in accordance with this Privacy Policy. You have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to correction — request correction of inaccurate personal data
• Right to deletion — request deletion of your account and associated data
• Right to withdraw consent — withdraw consent for non-essential processing at any time

To exercise any of these rights, contact us at connect@zeyro.in. We will respond within 7 business days.

12. Children's Privacy

Zeyro does not knowingly collect Personal Information from individuals under 18 years of age. Our services are intended exclusively for adults. If you believe a minor has provided us with personal data, please contact us immediately at connect@zeyro.in and we will delete the data promptly.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, AI providers, or applicable laws. We will notify users of material changes through the app or by email at least 7 days before changes take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

14. Account Deletion

Zeyro provides a clear and accessible in-app account deletion flow in compliance with Apple App Store Review Guidelines 5.1.1(v).

How to Request Account Deletion

• Inside the App: Open Zeyro → Profile → Settings → Tap "Delete Account" → Confirm using OTP
• Email: connect@zeyro.in with subject line: Account Deletion Request

What Data Will Be Deleted

• Personal profile information (name, email, phone number)
• Linked financial preferences and app settings
• AI financial insights and analytics history
• Goal tracking data and budget configurations
• All non-regulatory usage data

What Data May Be Retained

Due to applicable financial regulations, Zeyro may retain certain data after account deletion, including KYC verification records, transaction records required by law, and fraud or security logs. This retention is mandatory and cannot be waived.

Retention Period: As required under applicable financial regulations, typically 5–7 years from the date of last transaction.

15. Contact & Grievance Redressal

For any questions, concerns, or grievances regarding this Privacy Policy or your personal data:

Email: connect@zeyro.in

Company: Arthazeyro Technologies Private Limited

Registered Office: Nagpur, Maharashtra, India

Response Time: We aim to respond to all privacy-related queries within 7 business days.