Loading Componrnt...
Privacy Policy
Converted on: 2025-09-23
Mango Zest Lab Limited (“Mango Zest”, “we”, “us”, or “our”) is a company duly incorporated under the laws of the Federal Republic of Nigeria, with global operations in view. We are a technology-driven enterprise providing transformative solutions across industries. We specialize in building platforms for Blockchain, Payments, eCommerce, Social Platforms, Virtual Reality/Augmented Reality, Fintech, Immersive Experiences, AI, and Large Language Models (LLMs), delivering cutting-edge products and services that redefine digital interactions.
This Privacy Policy sets out in detail how we collect, use, disclose, transfer, store, and protect your personal information when you interact with our websites, mobile applications, digital platforms, APIs, blockchain services, and back-office systems (collectively, “Services”).
For emphasis, this Privacy Policy explains how we collect, use, disclose, and process your personal data when you use our website and other places where Mango Zest acts as a data controller—for example, when you interact with one of our products or platforms as a consumer for personal use, or when we operate and provide our commercial customers and their end users with access to our commercial products (“Commercial Services”).
This Privacy Policy does not apply where Mango Zest acts as a data processor and processes personal data on behalf of commercial customers using Client’s Commercial Services – for example, you're using an app that is powered on the back-end by Mango Zest. In those cases, the commercial customer is the controller, and you can review their policies for more information about how they handle your personal data.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. Where required by law, we will seek your explicit consent before processing your personal information.
We are committed to safeguarding your personal data in line with:
- The Nigeria Data Protection Act 2023 (NDPA) and regulations issued by the Nigeria Data Protection Commission (NDPC)
- The EU General Data Protection Regulation (GDPR).
- And other applicable data protection frameworks globally.
Information We Collect
We collect both personal and non-personal data, depending on the nature of your interactions with our Services. Categories include:
Personal Identification Information
- Full name, residential and/or business address, email address, and phone number.
- Date of birth, nationality, and gender (where required).
- Identity verification documents (international passport, driver’s licence, national ID, voter’s card, or any government-issued identification).
- Tax Identification Numbers, social security numbers, or equivalent identifiers
- Politically Exposed Person (PEP) status and related disclosures.
Financial & Transactional Data
- Bank account details, International Bank Account Numbers (IBAN), SWIFT/BIC codes.
- Debit/credit card numbers, expiry dates, CVV (processed securely and never stored in plain form
- Stablecoin wallet addresses and associated balances.
- Transactional metadata such as timestamps, counterparties, payment references, and transaction hashes
- Proof of source of funds (e.g., payslips, bank statements, shareholding certificates).
Web3-Specific Data
- Wallet addresses and other supported blockchain networks.
- Smart contract interactions, tokenization submissions, and validator confirmations.
- Immutable blockchain records associated with your public key.
- Decentralized identifiers (DIDs) and other cryptographic proofs used for authentication.
- Proof of source of funds (e.g., payslips, bank statements, shareholding certificates).
Technical & Usage Information
- Device type, IP address, operating system, and browser information
- Geolocation data derived from IP mapping or device settings.
- Log records capturing your interactions with our Services, including login times, duration, actions taken, and frequency.
- Metadata from cookies, beacons, SDKs, and analytics tools.
Communications & Support Data
- Emails, chat messages, and recorded customer support calls.
- Complaints, dispute records, and escalation history.
- Survey responses, user feedback, and participation in beta testing or pilot programmes.
Purposes of Data Processing
We process personal information strictly for legitimate business, legal, and operational purposes, including
- Account creation, onboarding, and KYC/AML verification.
- Provision of stablecoin-enabled payments, blockchain interactions, and tokenization services
- To conduct Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF) checks, Know-Your-Customer (KYC) verifications, and fraud prevention.
- Fulfilment of legal, tax, and regulatory obligations in Nigeria and other jurisdictions
- Customer support, dispute resolution, and transaction monitoring.
- Enhancement of platform security, including penetration testing and threat detection
- Performance of contractual obligations under our Terms of Service
- Delivery of marketing, newsletters, and promotional campaigns (where you have opted in)
- Business analytics, research, and service improvement
- Risk assessment, litigation defence, and corporate governance.
Legal Basis for Processing
We rely on one or more of the following lawful grounds:
- Consent: For marketing communications or optional data sharing.
- Contractual Necessity: To deliver services under our agreement with you.
- Legal Obligation: Compliance with NDPA, AML/CTF laws, securities regulation, and tax reporting.
- Legitimate Interests: Protecting our platforms against abuse, improving services, and pursuing business objectives without overriding your rights.
- Vital Interests: Where processing is necessary to protect you or others from serious harm.
Methods of Data Collection
- Direct Submission: Via registration forms, KYC submissions, funding your account, or customer support interactions
- Automated Means: Through cookies, session trackers, analytics, and blockchain logs when you interact with our Services
- Legal Obligation: Compliance with NDPA, AML/CTF laws, securities regulation, and tax reporting.
- Legitimate Interests: Protecting our platforms against abuse, improving services, and pursuing business objectives without overriding your rights.
- Vital Interests: Where processing is necessary to protect you or others from serious harm.
Data Retention
We retain your personal data only as long as necessary to fulfil the purposes outlined in this Privacy Policy, including compliance with applicable legal, accounting, and regulatory requirements. In most cases:
- KYC and transaction records: Minimum of 5 years, extendable if required by law.
- Communications: Retained for as long as you maintain an account with us, and longer if required by law
- Blockchain data: immutable and permanently stored on the ledger, though linkage to personal identifiers is minimised
- Marketing preferences: Until you opt-out or withdraw consent
Data Sharing & Disclosures
We may share your information with:
- Regulatory and supervisory authorities in Nigeria and abroad (NDPC, CBN, SEC, EFCC, and quivalent global regulators).
- Financial institutions, payment processors, correspondent banks, and stablecoin issuers.
- Legal advisors, auditors, consultants, and service providers (IT, analytics, compliance, insurance, customer support).
- hird-party service providers, including cloud hosting, analytics, KYC/AML solutions, and IT infrastructure, subject to strict contractual obligations
- Law enforcement, government bodies and courts upon receipt of valid legal orders.
We do not sell or rent personal data to marketers or unrelated third parties.
International Transfers
Given the global nature of blockchain technology and our approach, your data may be transferred outside Nigeria. Where we transfer data internationally, we will ensure:
- Adequacy Decisions (where countries are recognised as providing equivalent protection).
- Standard Contractual Clauses (SCCs) approved under GDPR.
- Binding Corporate Rules (BCRs) for internal group data sharing.
- Encryption and pseudonymisation to minimise risk during transfer.
Security Measures
We implement physical, technical, and organisational safeguards to protect your personal
- End-to-end encryption (TLS/SSL) and AES-256 encryption for stored data
- Multi-factor authentication for account access.
- Segregation of duties and role-based access to sensitive data.
- Continuous monitoring, intrusion detection systems, and firewalls
- Regular penetration testing and ISO 27001-aligned security audits.
- Secure key management for blockchain addresses.
Despite these measures, blockchain transactions recorded on public ledgers are inherently immutable and transparent. While we minimise identifiable linkages, you should exercise caution when using blockchain addresses that can be associated with your identity
Cookies & Tracking Technologies
We use cookies and similar technologies for:
- User authentication and session management.
- Traffic analytics and platform performance
- Preference storage and customisation of user interfaces.
You may disable cookies via your browser settings, but this may affect certain features of our Services.
Automated Decision-Making & Profiling
We may use automated tools for:
- Risk assessment and AML screening.
- Fraud detection and suspicious activity monitoring.
- Transaction screening for compliance purposes.
However, final decisions with significant legal or financial impact are subject to human review.
Data Subject Rights
Under NDPA, GDPR, and other applicable laws, you may have the following rights:
- Right to be informed about how we process your data.
- Right of access to the personal data we hold about you
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) subject to legal limitations
- Right to restrict processing in certain circumstances.
- Right to object to processing, including direct marketing
- Right to data portability.
- Right to withdraw consent at any time (where processing is based on consent).
Requests can be made by contacting us at the details below. We may require identity verification before responding.
Third-Party Links
Our Services may contain external links. Mango Zest is not responsible for third-party data practices. We strongly recommend reviewing their privacy policies before providing personal data.
Children’s Privacy
Our Services are strictly limited to individuals 18 years and above. We do not knowingly collect or process children’s data. Where such data is inadvertently collected, we will delete it immediately.
Policy Updates
We may amend this Privacy Policy to reflect changes in regulation, technology, or corporate operations. All updates will be posted with a new “Last Updated” date. Users will be notified of material changes via email or platform notices. Continued use of our Services constitutes acceptance of any changes.
Policy Updates
We may amend this Privacy Policy to reflect changes in regulation, technology, or corporate operations. All updates will be posted with a new “Last Updated” date. Users will be notified of material changes via email or platform notices. Continued use of our Services constitutes acceptance of any changes.
Contact Us
For enquiries, questions, complaints, or to exercise your data protection rights, please contact our Data Protection Officer (DPO)
MangoZest Technologies Limited
Data Protection Officer