This Privacy Policy describes how Zuta Group ("Zuta", "we") collects, uses, shares, retains, and protects your personal information when you use the Zuta Shop, Zuta Eats, and Zuta Stays services.
1. Information We Collect
We collect information in the following categories:
- Account information — name, email, phone number, password (hashed), country, role.
- Profile information — addresses, photo (optional), preferences.
- Transaction information — orders, bookings, payment method tokens (we do not store full card numbers — these stay with our payment processors), refund and dispute history.
- Device and usage information — device type, operating system, app version, FCM/APNs push tokens, IP address, log data, in-app actions, crash and performance telemetry.
- Location information — approximate location used for delivery routing, restaurant discovery, and stay search. Precise location is requested only when needed and only with your consent.
- Camera and media — accessed only when you actively use a feature that needs it (e.g., delivery agents scanning a package QR code, or a user uploading a photo of a damaged item to support a return claim). Images you choose to upload are used for the stated purpose and stored under standard data-retention rules.
- Communications — messages between users, between users and Sellers, and between users and Zuta support, including in-app messaging on Stays.
- Identity verification — for some roles (e.g., merchants, hosts, restaurants, delivery agents) we collect business and identity documentation as required by law and our risk policy.
2. How We Use Your Information
We use your information to:
- provide, operate, and maintain the Service;
- process orders, bookings, payments, refunds, and post-stay damage claims;
- communicate with you about your account, transactions, security events, and policy updates;
- prevent fraud, abuse, and unauthorized access, including velocity checks, rate limiting, and risk scoring;
- comply with legal, regulatory, and tax obligations;
- improve the Service through analytics and product research;
- send marketing communications where you have consented and where the law allows. You can withdraw consent at any time.
3. How We Share Your Information
We do not sell personal information.
We share information only as needed to operate the Service, with categories of recipients including:
- Sellers (merchants, restaurants, hosts) — order, booking, and delivery information needed to fulfil what you bought or booked.
- Payment processors (Stripe, MTN MoMo, Paystack, future processors) — to authorize, capture, refund, and reconcile payments. The processors handle card details directly under their own privacy practices.
- Delivery partners and agents — pickup and drop-off information.
- Cloud and infrastructure providers (AWS for compute, storage, and database hosting; Firebase Cloud Messaging and Apple Push Notification service for push delivery; transactional email providers; analytics providers) — under data-processing agreements that limit how they use data to operating the Service for us.
- Legal authorities — when required by valid legal process or to protect rights, safety, or property.
- Business successors — in connection with a merger, acquisition, or asset sale, with continuing protection consistent with this Policy.
4. International Data Transfers
The Service uses cloud infrastructure hosted in regions outside your country of residence. Where such transfers occur, we rely on standard safeguards (data-processing agreements, encryption in transit and at rest, vendor controls).
5. Data Retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations (tax, financial-services rules, anti-fraud requirements), resolve disputes, and enforce our agreements. Specific retention windows include:
- Account records — for the lifetime of the account plus statutory retention.
- Security logs (IP, user-agent, login attempts, signing events) — typically eighteen (18) months.
- Acceptance records (which legal documents you agreed to and when) — kept for the lifetime of the account; required for compliance and dispute defense.
We retain certain records, including transaction, tax, accounting, compliance, and financial records, for as long as required by applicable law and legitimate business needs, which may include retention periods of up to seven (7) years or longer where legally required.
When data is no longer needed, we delete or anonymize it.
6. Your Rights
Depending on the market in which you reside, you may have rights to access, correct, port, or delete your personal information; to object to or restrict certain processing; and to withdraw consent. Some rights are limited where we must keep records for legal, accounting, or fraud-prevention reasons. Requests can be made through the in-app support flow.
7. Security
We use industry-standard safeguards including encryption in transit and at rest, role-based access, secret management, audit logging, request-signing for sensitive operations, two-factor authentication, login attempt rate limiting, and account-lockout protection. No system is perfectly secure, but we work to keep your information safe.
8. Children's Privacy
The Service is intended for users eighteen (18) and older. We do not knowingly collect personal information from anyone under the minimum age. If you believe a minor has provided us information, contact us and we will take prompt action.
9. Cookies and Similar Technologies
The Zuta mobile app uses limited tracking only for fraud prevention, analytics, and personalization. Where the law requires consent for non-essential tracking, we will request it.
10. Third-Party Links and Services
The app may surface third-party services such as payment processors, identity verification providers, or external links. Their privacy practices are governed by their own policies; we are not responsible for them.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make a material change, we will (a) publish a new version through our backend versioning system, (b) update the effective date, and (c) where required, request your re-acceptance.
12. Contact
For privacy questions, contact us through the in-app support flow or at the privacy contact address published on our website.