.gif)
Privacy Policy
How zung.ai collects, uses, protects, and shares data — for institutions, members, and platform users. We are committed to transparency, data sovereignty, and the highest standards of privacy globally.
1. Who We Are
Zung Technologies Ltd ("zung.ai", "we", "us", or "our") operates the zung.ai AI-native core banking platform and associated services. We are a global financial technology company registered in multiple jurisdictions and operating in 180+ countries worldwide.
This Privacy Policy applies to: the zung.ai platform used by financial institutions; the zung.ai website and web applications; all sub-brands within the Zung ecosystem (zung.media, mfilearn.com, mfidata.com, mfis.review, mfimarket.com, paymfi.com, mfidoc.com, mfileads.com, mfiweekly.com).
2. Data We Collect
We collect data in three primary capacities:
- Institution Data: Financial institution registration details, administrator credentials, configuration data, and usage analytics collected when institutions use the zung.ai platform globally.
- Member Data (processed as data processor): Financial institution member data — names, account details, transaction records, KYC documents, and biometric data — processed on behalf of institutions. zung.ai acts as a data processor; the institution is the data controller globally.
- Website Visitor Data: IP addresses, browser type, pages visited, and interaction data collected via cookies and analytics tools when visitors use zung.ai websites globally.
🔒 Key principle: zung.ai never sells member data. Institution member data is used exclusively to operate the platform for that institution and is never used for advertising, profiling, or shared with third parties without explicit instruction globally.
3. How We Use Data
Institution and member data is used to: operate and improve the zung.ai platform; train and improve AI models with appropriate anonymisation and consent; comply with legal and regulatory obligations; provide customer support and implementation services; and detect and prevent fraud and security threats globally.
- AI model training uses anonymised and aggregated data only — individual member records are never used without explicit institution consent
- Usage analytics are used to improve platform performance and user experience
- Marketing communications are sent only with explicit opt-in consent
4. Data Sharing
zung.ai shares data only in the following limited circumstances: with sub-processors necessary to operate the platform (cloud providers, KYC vendors) under binding data processing agreements; with financial regulators when legally required; with institutions regarding their own member data; and with law enforcement under valid legal orders globally.
We maintain a current list of sub-processors, available on request, and require all sub-processors to maintain security standards equivalent to our own globally.
5. Data Protection
We implement industry-leading security measures: AES-256 encryption for all data at rest; TLS 1.3 for all data in transit; SOC 2 Type II certified controls; ISO 27001 aligned security management; multi-factor authentication for all platform access; and regular penetration testing and security audits globally.
🛡️ Institution-specific encryption keys are available on the Scale and Enterprise plans — allowing institutions to hold their own encryption keys so that data becomes unreadable even to zung.ai if keys are revoked globally.
6. Your Rights
Depending on your jurisdiction, you may have rights including: right to access your personal data; right to correct inaccurate data; right to erasure ("right to be forgotten"); right to data portability; right to object to processing; and right to withdraw consent globally.
For member data held by financial institutions using zung.ai, rights requests should be directed to the institution (the data controller). For data held directly by zung.ai, contact privacy@zung.ai globally.
7. Data Retention
Financial transaction and member data is retained for 7 years from the date of last activity to meet regulatory requirements in most jurisdictions. Specific retention periods vary by jurisdiction and data type. Institution data is retained for the duration of the contract plus 3 years. Website visitor data is retained for 24 months globally.
8. International Data Transfers
zung.ai operates in 180+ countries and offers in-country hosting for 60+ jurisdictions with data localisation requirements — including Nigeria (AWS Lagos), Kenya (AWS Nairobi), South Africa (AWS Cape Town), India (AWS Mumbai), EU (AWS Frankfurt), and UAE (AWS Dubai) globally.
Cross-border data transfers are conducted under Standard Contractual Clauses (EU/UK), adequacy decisions, or equivalent mechanisms as applicable in each jurisdiction globally.
9. Cookies
zung.ai uses essential cookies for platform operation, analytics cookies (with consent) for performance measurement, and preference cookies to remember your settings. You can manage cookie preferences at any time via our Cookie Preferences page globally.
10. Contact Us
For privacy inquiries, data subject rights requests, or concerns about our data practices: