Skip to content
Vixzz
Business
Pricing
About Us Careers Press Blog
Terms of use Privacy policy Cookie policy Compliance
Help Developers
Login
Toggle navigation menu
Transfers
Personal / Home Business Pricing
Company
About Us Careers Press Blog
Legal
Terms of use Privacy policy Cookie policy Compliance
Support
Help / Support Developers / API
Login
Legal sections On this page
Overview Security architecture Data we collect Processing bases Data sharing International transfers Retention Privacy rights Infrastructure guardrails Third-party ecosystems Policy changes Contact
Global

Global Privacy Policy

Last updated: June 4, 2026

At Vixzz Technologies Ltd, together with its subsidiaries, corporate affiliates, regional operational branches, and international financial networks, your privacy, data integrity, and digital security are fundamental to our mission.

We operate a highly secure, bank-grade, international remittance, wallet, and programmatic payout ecosystem designed to compete directly with legacy global money transfer platforms.

This Global Privacy Policy ("Policy") provides an exhaustive, granular breakdown of how we collect, process, store, transfer, share, and safeguard your personal and business data when you access or interact with our websites, desktop interfaces, iOS and Android mobile applications, wallet features, and developer Application Programming Interfaces (APIs), collectively the "System".

This Policy applies universally to all individuals and legal entities who interface with the System, including:

  • Standard Users: Individual consumers sending personal international remittances, managing a personal cash balance, or receiving money.
  • Business Clients: Corporate entities, enterprises, e-commerce platforms, and registered merchants utilizing our high-scale payout infrastructure and bulk settlement queues.
  • Independent Agents: Over-the-counter (OTC) payout providers, cash-in/cash-out merchants, and local liquidity operators who facilitate funding on the ground.
  • API Developers: Engineering teams, software developers, and technical organizations integrating Vixzz SDKs, webhooks, and endpoint rails into proprietary platforms.

1. The Vixzz security arithmetic: zero-trust and zero-knowledge architecture

To ensure maximum data protection across volatile global networks, Vixzz does not treat security as an afterthought. Our entire System is engineered around a strict "Zero-Trust" and "Zero-Knowledge" privacy framework designed to mitigate international cyber threats and data exposure.

1.1 Multi-layer envelope encryption

All sensitive data payloads, including government identification numbers, bank routing credentials, mobile money keys, and financial transaction histories, are encrypted immediately at the application layer using a multi-layer envelope encryption model. This process encrypts data using unique Data Encryption Keys (DEKs), which are subsequently wrapped and protected by Master Encryption Keys (MEKs).

1.2 Infrastructure isolation

Our cloud ledger and database configurations are deeply isolated. Under this zero-knowledge model, sensitive user attributes are cryptographically shielded. This prevents underlying cloud hosting providers, infrastructure managers, or Virtual Private Server (VPS) vendors from accessing raw transaction values, personal configurations, or cryptographic signing keys in plain text.

1.3 Endpoint and API defenses

All mobile application connection pools and developer API endpoints are protected by automated defensive measures. This includes cryptographic webhook signing, device-binding tokens, and aggressive runtime application self-protection (RASP) mechanisms to neutralize brute-force attacks, reverse-engineering exploits, and malicious injections.

2. Comprehensive categories of data we collect

To maintain operational integrity, evaluate financial risk, and fulfill cross-border transmission requests, Vixzz collects various types of information. We categorize this data as follows.

2.1 Information you actively provide to us

A. Standard User onboarding data

  • Identity Information: Full legal first name, middle name, and surname; date of birth; gender; and nationality.
  • Government-Issued Documents: High-resolution photographs or scans of your national identity card, international passport, alien registration card, or driving license.
  • Contact Information: Physical residential address, including street, city, postal code, and country, verified personal email address, and active mobile telephone number.
  • Source of Wealth Documentation: Bank statements, payslips, or tax filings when required to clear higher velocity remittance tiers.

B. Business Client and Agent verification data (KYB)

  • Corporate Identity: Official legal business name, trade names, and "doing business as" (DBA) designations.
  • Regulatory Filings: Certificate of incorporation, articles of association, corporate tax identification numbers, business operating licenses, and utility bills for address verification.
  • Beneficial Ownership Data: Full names, contact details, and government IDs of all Ultimate Beneficial Owners (UBOs) holding a twenty-five percent (25%) or greater stake in the enterprise, along with corporate resolution letters authorizing account operators.

C. Financial and recipient coordinates

  • Funding Attributes: Bank account routing numbers, card numbers stored exclusively via PCI-DSS compliant tokenization pathways, or local mobile money wallet numbers.
  • Recipient Payout Information: Full legal name of the recipient, physical location, destination country, bank account name and number, card details, or mobile money network parameters, such as wallet provider and telephone number.

2.2 Information automatically captured via System interaction

A. Technical device telemetry

  • Hardware Profiling: Device brand, hardware model, operating system version, screen resolution, active system languages, and unique device identifiers, such as IMEI or UUID.
  • Network Intelligence: Current IP address, proxy usage flags, Virtual Private Network (VPN) detection logs, cellular country code, mobile carrier details, and Wi-Fi network SSIDs.

B. Mobile biometrics and Passkey integration

  • Advanced Authentication: The Vixzz mobile application natively integrates with advanced authentication tools, including secure face verification, palm verification, and Passkeys for payment confirmation.
  • Data Isolation Guardrail: Vixzz never captures, transmits, or stores your actual biological or mathematical biometric templates on its external cloud servers. The System triggers your mobile device's internal Secure Enclave or hardware-level authentication system, receiving only a secure, encrypted cryptographic token verifying that the authorized user has confirmed the action.

C. Precise geolocation tracking

  • Spatial Telemetry: Precise real-time GPS coordinates, cellular tower triangulation, and IP-derived location data.
  • Why this is mandatory: This data is captured explicitly to combat localized financial fraud, identify identity velocity anomalies, such as an account accessed simultaneously from two distinct countries, and dynamically enforce geographic app-store restrictions and licensing boundaries.

D. Operational logs and API audits

  • Performance Metrics: System latency records, user interface navigation flows, click maps, application crash logs, API call volumes, idempotency key parameters, and webhook response payloads.

3. Granular purposes and legal bases for processing

Vixzz never processes your personal information arbitrarily. Every processing activity is tethered strictly to a valid international legal basis, outlined comprehensively in the data matrix below.

Functional purpose for processing Categories of data utilized Explicit legal basis
Executing cross-border remittances Full name, financial funding data, recipient payout coordinates, and send amounts. Fulfillment of Contract: Necessary to process the payment instructions you explicitly initiate through the System.
Customer identity verification (KYC/KYB) Government IDs, corporate registration certificates, UBO details, and tax numbers. Compliance with Legal Obligations: Mandatory under international banking laws and global anti-money laundering frameworks.
Sanctions and political exposure screening Full legal names, dates of birth, and country of origin. Compliance with International Law: Obligatory matching against OFAC, EU, UN, and international restricted party databases.
System security and fraud prevention Precise GPS telemetry, device fingerprints, and transaction velocity history. Legitimate Business Interests: Essential to protect the network from malicious attacks, unauthorized logins, and fraud loops.
Programmatic API operations Public developer keys, webhook tracking logs, and server performance data. Legitimate Business Interests: Necessary to maintain API infrastructure up-time and stability for enterprise clients.
Direct customer support Email address, mobile number, and historical communication tickets. Fulfillment of Contract / Legitimate Interest: Required to troubleshoot system errors and resolve transaction delays.

4. Strict data sharing policy and partner routing

We do not sell, rent, lease, trade, or distribute your personal or business data to third-party marketing companies, data aggregators, or unauthorized brokers. We only disclose data to specific counterparties necessary to execute international money transfers or comply with global law enforcement mandates.

4.1 Liquidity agents and blockchain settlement rails

To provide near-instantaneous cross-border money transfer services and bypass legacy banking latency, our backend architecture coordinates with licensed liquidity partners, over-the-counter (OTC) desks, and regional settlement banks.

Our system utilizes secure, asset-backed blockchain settlement rails, specifically USDT and USDC, for agent-to-agent and treasury-level clearing.

User interface boundary

Personal transaction components remain completely focused on local fiat currencies. Although stablecoin mechanisms may operate in the backend background to maintain liquidity between global corporate agents, your data views, receipts, and user balances are entirely represented in standard fiat denominations, such as KES, USD, and EUR, to maintain absolute price clarity and consumer trust.

4.2 Payout network operators

We transmit specific recipient profiles and routing instructions to local payout infrastructure providers, including national mobile money networks, regional automated clearinghouses (ACH), and local bank payout partners, to complete final delivery of funds.

4.3 Third-party verification providers

We share your onboarding data and identity documents with specialized, heavily vetted third-party Know Your Customer (KYC) and risk vendors. These partners run automated validation scans, facial match checks, and anti-money laundering (AML) status verifications against official government databases and international sanctions indices.

4.4 Judicial, regulatory, and law enforcement requests

Vixzz will disclose your identity information, operational metrics, and transaction logs to central banks, financial intelligence units (FIUs), tax regulators, or state law enforcement authorities if we are under a legal obligation to do so by a valid subpoena, court order, or statutory mandate. We may also share data if we determine in good faith that disclosure is necessary to prevent physical harm, report suspected terrorist financing, or defend against active systemic cyberattacks.

5. International data transfers and regional constraints

Because Vixzz is a global network, the personal and business information we collect will be transferred across international borders, processed, and stored outside of your country of residence. For example, financial data captured from a user in East Africa or Europe may be routed through encrypted data pipelines to cloud data centers located in North America or alternative secure cloud hubs for real-time risk assessment and automated fraud scoring.

5.1 Safeguards for global data flow

To ensure your personal data receives an identical tier of protection regardless of geographic location, Vixzz implements rigid regulatory safeguards:

  • Standard Contractual Clauses (SCCs): We execute standardized data transfer contracts approved by international supervisory regulators with all processing nodes, international branches, and corporate entities.
  • Data Processing Addendums (DPAs): Every institutional partner or enterprise client routing data through our APIs must sign a rigorous DPA specifying that data must be handled according to strict encryption and confidentiality terms.
  • Data Localization Compliance: Where local laws explicitly require financial records to remain native, such as specific central bank data residency rules, Vixzz deploys localized hybrid cloud servers to retain primary transaction records inside that specific country's physical borders.

6. Data retention and destruction manifesto

Vixzz retains your personal data only for as long as required to satisfy operational needs, deliver the services you request, and comply with international statutory frameworks.

6.1 Regulatory record-keeping mandates

Under international Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and banking records statutes, Vixzz is legally obligated to archive your core identity verification data, corporate records, transaction history, KYC documents, and direct system communication logs for a minimum period of five (5) to seven (7) years from the exact date your user account relationship with Vixzz is formally closed.

6.2 Ephemeral data purging

Data fields that are not subject to explicit statutory retention windows, such as diagnostic application error logs, temporary multi-region routing cache arrays, and transient API connection payloads, are automatically overwritten, purged, or entirely anonymized within short operational windows via automated internal script rules.

6.3 Secure destruction

Once the legal retention period expires, Vixzz systematically destroys or irrevocably anonymizes all records using industry-standard cryptographic erasure techniques, ensuring the data can never be re-associated with an identifiable individual.

7. Exercising your statutory data privacy rights

Depending on your jurisdiction of residence, such as the European Union or United Kingdom under the General Data Protection Regulation, California under the CCPA, or Kenya under the Data Protection Act, you possess powerful legal rights regarding your personal information.

  • Right of Access and Portability: You have the right to request a complete, machine-readable export, such as a structured JSON or CSV file, containing the exact personal information Vixzz maintains about you, along with detailed explanations of our processing logic.
  • Right to Rectification: You can modify, correct, or update incomplete or inaccurate identity profiles, addresses, or business metadata at any time through your application account settings or by submitting a ticket.
  • Right to Erasure ("Right to be Forgotten"): You can submit a request demanding that Vixzz delete your personal data entirely from its production infrastructure.
  • Right to Restrict or Object to Processing: You can object to, or demand that we limit, the processing of your personal information for automated profiling, internal system optimizations, or platform analytics.

The critical legal exception

Vixzz cannot fulfill a deletion request if the data is currently subject to the mandatory 5-7 year global financial record-keeping laws described in Section 6.1. In these scenarios, your account will be permanently deactivated, and your data will be extracted from active processing queues and safely locked in an isolated archive until the statutory holding window closes.

To execute any of your statutory rights, please contact our global privacy desk directly at legal@vixzz.com. We will verify your identity before releasing any records and will respond within the mandatory timeframes established by your local jurisdiction.

8. Administrative and technological infrastructure guardrails

Vixzz employs a comprehensive suite of security controls to maintain data privacy and neutralize malicious actions.

8.1 Transport and storage protections

All data transmitted between our native mobile applications, web dashboards, developer API clients, and our core cloud databases is encrypted in transit using Transport Layer Security (TLS 1.3). Once inside our production layer, data is encrypted at rest using Advanced Encryption Standard (AES-256) at the storage block level.

8.2 Malicious traffic filtering and rate limiting

To defend against systemic corporate espionage, data harvesting, and unauthorized intrusion, our network employs automated Web Application Firewalls (WAF) and aggressive rate-limiting algorithms. These protocols systematically block distributed denial-of-service (DDoS) attempts, automated scraping scripts, and credential-stuffing software vectors.

8.3 Internal access isolation

Access to user data within Vixzz is strictly governed by the principle of least privilege. Only certified compliance officers, essential data protection supervisors, and lead security infrastructure engineers are granted temporary, strictly audited access tokens to view partial user segments. All internal file reads and queries are written to immutable, tamper-evident security audit logs.

9. Third-party ecosystems and developer API responsibility

The Vixzz System features advanced API integration portals for Business Clients and Developers.

If you are an individual customer interacting with an external website, e-commerce market, digital wallet, or mobile platform built by a third party utilizing the Vixzz Developer API, please be aware that your data interaction with that external platform is governed strictly by that third party's independent privacy documentation.

Vixzz does not control, monitor, or assume any liability for the internal data collection, storage, security, or privacy policies of third-party enterprises or applications that build products on top of our payment rails. We advise you to review their specific policies carefully before authorizing any payment transaction.

10. Protocol for changes to this Privacy Policy

Vixzz reserves the absolute right to modify, amend, update, or replace this Global Privacy Policy at any time to reflect updates to our technical systems, changes in cross-border stablecoin routing mechanics, or evolving data privacy regulations.

10.1 Notification of revisions

When an update occurs, we will modify the "Last Updated" and "Effective Date" markers displayed at the top of this Policy.

10.2 Material amendments

For material adjustments that directly alter how we process your personal cash balances, evaluate geolocation tracking, or share data with external providers, we will provide at least thirty (30) days' advance notice. This notification will be delivered via a prominent in-app alert, an internal developer dashboard broadcast, or an explicit direct email communication. Your continuous access to the System following the effective date of a posted update confirms your acceptance of the revised Global Privacy Policy.

11. Contact channels and compliance headquarters

If you have questions regarding this Global Privacy Policy, wish to report a security vulnerability, or seek to submit an official inquiry to our designated Data Protection Officer (DPO), please contact our teams through our specialized, monitored communication queues:

  • Privacy Rights Requests, DPAs, and Legal Notices: legal@vixzz.com
  • General Application Support and Troubleshooting Account Access: support@vixzz.com
  • Business Onboarding and Corporate KYB Audits: business@vixzz.com
  • API Security Protocols, Vulnerability Disclosures, and Webhook Assistance: api-support@vixzz.com
Corporate Address Vixzz Technologies Ltd Attn: Global Data Privacy and Regulatory Compliance Office Registered office address to be confirmed in the jurisdiction-specific counsel-approved production privacy policy before public launch.
Vixzz

Global money transfers in local currency. Fast, secure, and low cost international remittances.

Company

About Us Careers Press Blog

Support

Help center Contact us FAQs Security

Legal

Terms of use Privacy policy Cookie policy Compliance

Use Cases

Send to Africa Send to Asia Business API Personal app

Download the app

App Store Google Play
© 2026 Vixzz. All rights reserved.
Privacy Terms Security Cookies