Privacy Policy
Effective Date: May 17, 2026 · Last Updated: May 17, 2026
1. Introduction
ZuriCards is a digital celebration platform built for West Africa. We help event organizers create celebration pages, send save-the-date cards, distribute invitations, collect digital gifts, sell tickets, coordinate Aso Ebi fabric orders, and communicate with guests by SMS and email — all in one place.
This Privacy Policy explains what personal data ZuriCards collects, why we collect it, how we use and protect it, who we share it with, and what rights you have over your information. We have written this policy to be specific to how our platform actually works, not as a generic template.
By creating a ZuriCards account or using our platform in any capacity, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please do not use our platform.
2. Who We Are
ZuriCards is operated by TKH Tech, a technology company serving the West African market.
Data Controller: TKH Tech (trading as ZuriCards)
Republic of Benin
Privacy Contact: privacy@zuricards.com
ZuriCards acts as the data controller for account holders (event organizers). For guest data entered by organizers, ZuriCards acts as a data processor on behalf of the organizer, who bears primary responsibility for the lawfulness of collecting their guests' information.
We are subject to the laws of the Republic of Benin, including the personal data protection framework supervised by the Autorité de Protection des Données Personnelles (APDP).
3. Data We Collect
We collect different categories of data depending on how you interact with ZuriCards.
3.1 Account Registration Data
When you create a ZuriCards account, we collect your full name (to identify your account), email address (for login, notifications, and communication), phone number (optional at registration; required if you use SMS features), and your password (stored as a cryptographic hash — never in plain text).
Legal basis: Contractual necessity. This data is required to provide you with a ZuriCards account.
3.2 Celebration and Event Data
When you create a celebration page, we store your event details (name, type, date, time, venue), custom content (messages, descriptions, design choices), and photos and media you upload for your celebration page, save-the-date cards, or thank-you cards.
Legal basis: Contractual necessity and your explicit consent through use of the platform.
3.3 Guest Data (Entered by Organizers)
When you use our guest management features, you may enter your guests' personal data, including names, email addresses (for digital invitations), and phone numbers (for SMS invitations and reminders). This data is used solely to deliver communications on your behalf and to manage RSVPs. See Section 7 (Guest Data) for full details.
Legal basis: Legitimate interest of the organizer in communicating with their guests, combined with our contractual obligation to the organizer.
3.4 RSVP and Response Data
We collect RSVP responses submitted by guests, including attendance status, guest-submitted notes or dietary preferences (if enabled), and timestamp of response.
Legal basis: Contractual necessity to deliver the platform's core RSVP functionality.
3.5 Aso Ebi Order Data
When you use the Aso Ebi ordering feature, we collect fabric style and quantity selections, delivery or pickup preferences, and contact information for delivery coordination.
Legal basis: Contractual necessity.
3.6 Payment Metadata
ZuriCards integrates with KkiaPay and FeexPay to process payments. When a payment is processed, we receive a transaction reference, amount, currency, timestamp, and payment status from the payment processor. We do not receive, store, or transmit raw card numbers, CVV codes, bank account numbers, or mobile money PINs. That sensitive financial data is handled exclusively by KkiaPay or FeexPay under their own security frameworks.
Legal basis: Contractual necessity and legal obligation (financial record-keeping requirements under Beninese law).
3.7 Usage and Technical Data
When you use the ZuriCards platform, we automatically collect your IP address (for security and fraud prevention), browser type and device information (to ensure the platform works correctly), page navigation data (to help us improve the product), and error logs (to identify and fix technical issues).
Legal basis: Legitimate interest in maintaining a secure and functional platform.
3.8 Communications Data
If you contact us through support channels, we retain the content of that communication and your contact details for as long as needed to resolve your query, and for up to two years thereafter for quality assurance purposes.
4. How We Use Your Data
We use the data described above for the following purposes:
| Purpose | Data Used |
|---|---|
| Creating and managing your account | Name, email, hashed password |
| Delivering invitation cards (email and digital) | Guest email addresses, event details |
| Sending SMS messages to guests | Guest phone numbers |
| Processing payments for tickets, gifts, and orders | Payment metadata from KkiaPay / FeexPay |
| Managing RSVPs and guest lists | Guest names, RSVP responses |
| Coordinating Aso Ebi orders | Order data, delivery contact details |
| Sending transactional emails (confirmations, receipts, password resets) | Email address |
| Detecting and preventing fraud and abuse | IP address, usage data |
| Improving the platform and fixing bugs | Usage data, error logs |
| Complying with legal obligations | Payment records, account data |
| Responding to support requests | Communications data |
· We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
· We do not use your data for targeted advertising or sell it to advertisers.
5. Data Sharing and Third Parties
ZuriCards does not sell your personal data. We share data only where necessary to operate the platform, under contractual obligations that protect your information.
5.1 KkiaPay
Role: Payment processor for mobile money and card payments (primarily Benin and West Africa)
Data shared: Transaction reference, amount, currency, and payer/payee identifiers needed to complete a transaction
Why: You initiate a payment on ZuriCards; KkiaPay processes that payment on our behalf
5.2 FeexPay
Role: Alternative payment processor for West African markets
Data shared: Transaction reference, amount, and identifiers needed to process the payment
Why: Some users route payments through FeexPay based on payment method or geography
5.3 AWS Simple Email Service (SES)
Role: Cloud email delivery provider
Data shared: Recipient email address, sender address, and email content (invitation text, confirmations, password reset links)
Why: AWS SES delivers transactional emails on our behalf reliably and securely. Email content in transit is encrypted via TLS.
5.4 SMS Gateway
Role: Third-party SMS provider operating in Benin and across West Africa
Data shared: Guest phone numbers and the SMS message content you compose
Why: To deliver SMS invitations and reminders to your guests on your behalf
5.5 AWS Cloud Infrastructure
Role: Cloud hosting and storage provider
Data shared: All ZuriCards platform data — account data, celebration content, uploaded photos, guest lists, RSVP data, and payment metadata — is stored on AWS infrastructure (primary region: ca-central-1 / Canada)
Why: AWS acts as a data processor under a Data Processing Agreement and does not access or use your data for its own purposes
5.6 Legal Disclosure
We may disclose personal data to law enforcement authorities, courts, or regulators in the Republic of Benin or other relevant jurisdictions where we are legally compelled to do so, or where disclosure is necessary to protect the rights, property, or safety of ZuriCards, our users, or the public. We will notify affected users of such requests where we are legally permitted to do so.
6. Cookies
ZuriCards uses a limited and purposeful set of cookies. We do not use advertising cookies or allow third-party ad networks to set cookies through our platform.
6.1 Session Cookies (Essential)
We use session cookies to maintain your authenticated state while you are logged in. These cookies are set when you log in, deleted automatically when you close your browser or log out, and contain only a session token — not your password or personal details. You cannot opt out of session cookies while using authenticated features, because they are essential to the service.
6.2 Functional Cookies
We may set functional cookies to remember your preferences (such as language selection) between sessions. These are first-party cookies and are not shared with third parties.
6.3 No Third-Party Advertising Cookies
We do not permit advertising networks, social media platforms, or data brokers to set cookies on ZuriCards pages. We do not use Facebook Pixel, Google Ads tags, or similar advertising trackers.
7. Guest Data
This section addresses the specific situation where an event organizer adds a guest's personal information to ZuriCards on that guest's behalf.
7.1 The Organizer's Responsibility
By entering guest data into ZuriCards, you represent that you have a legitimate basis for doing so — for example, that your guests have consented to receive your event communications, or that you have a genuine personal relationship with them that justifies sending them an invitation. The legal responsibility for ensuring that the use of each guest's data is lawful rests with the organizer.
7.2 What We Do with Guest Data
Guest data is used exclusively to deliver digital invitations and SMS messages as instructed by the organizer, to record and display RSVPs on the organizer's guest list, and to generate save-the-date or thank-you card communications addressed to the guest. We do not use guest contact information to market ZuriCards products or services to those guests without their separate, explicit consent.
7.3 Guest Rights and Opt-Out
Guests may contact us at privacy@zuricards.com to opt out of communications, request deletion of their data from our platform, or ask what data we hold about them. When a guest exercises these rights, we will respond within 30 days and coordinate with the relevant organizer where necessary.
8. Data Retention
We retain personal data for the minimum period necessary for the purposes described in this policy, and in accordance with our legal obligations.
| Category | Retention Period |
|---|---|
| Account data (name, email, settings) | Duration of account activity + 2 years after account deletion |
| Celebration content (pages, photos, event details) | Duration of account activity + 2 years after account deletion |
| Guest names, emails, phone numbers | Duration of account activity + 2 years after account deletion |
| RSVP data | Duration of account activity + 2 years after account deletion |
| Payment metadata (transaction records) | 7 years from date of transaction (legal obligation) |
| Support communications | 2 years from date of communication |
| Technical logs (IP addresses, error logs) | 90 days |
Account deletion: When you delete your ZuriCards account, we begin removing your personal data from active systems within 30 days. Residual data may remain in encrypted backup systems for up to 90 additional days before being purged. Payment transaction records are retained for 7 years regardless of account deletion, as required by applicable financial regulations.
9. Your Rights Under Beninese Data Protection Law
As a user of a platform subject to Beninese law, you have the following rights under the framework administered by the Autorité de Protection des Données Personnelles (APDP):
Right of Access
You have the right to request a copy of the personal data ZuriCards holds about you, including information about how it is used, where it is stored, and with whom it has been shared.
Right of Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. Many corrections can be made directly in your account settings.
Right of Deletion (Right to be Forgotten)
You have the right to request the deletion of your personal data where the data is no longer necessary for the purposes it was collected, you withdraw your consent, or you object to processing. We may be unable to delete data where we have a legal obligation to retain it (for example, payment records subject to the 7-year retention rule).
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have that data transmitted to another data controller where technically feasible.
Right to Object
You have the right to object to processing of your personal data where that processing is based on legitimate interest.
How to exercise your rights
Contact us at privacy@zuricards.com with your full name, the email address associated with your account, and a description of your request. We will respond within 30 days and may ask you to verify your identity before processing your request.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the APDP (Autorité de Protection des Données Personnelles) of the Republic of Benin.
10. Data Security
We implement technical and organizational measures appropriate to the risks involved in processing your data.
If we suffer a security breach that is likely to result in a risk to your rights and freedoms, we will notify the APDP (Benin) within 72 hours of becoming aware of the breach, and will inform affected users without undue delay where required by law. Where EU/EEA users are affected, we will also notify the relevant EU supervisory authority within 72 hours where required under GDPR. Where Canadian users are affected and a real risk of significant harm exists, we will report to the Office of the Privacy Commissioner of Canada (OPC) as soon as feasible.
11. Children's Privacy
ZuriCards is designed for use by adults and is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not create a ZuriCards account or submit any personal data through our platform.
If you are a parent or guardian and believe that your child has provided personal data to ZuriCards without your consent, please contact us at privacy@zuricards.com and we will take appropriate action.
12. International Transfers
ZuriCards's cloud infrastructure runs on Amazon Web Services in the ca-central-1 region (Canada). This means that when you create an account, upload a photo, or enter guest information, that data is stored on servers physically located in Canada.
We ensure that any transfer of personal data outside the Republic of Benin is governed by contractual protections (Data Processing Agreements with AWS and other providers) that require them to handle your data to standards equivalent to those required under Beninese law. We do not transfer personal data to countries or organizations that do not provide adequate protections.
13. Changes to This Policy
We may update this Privacy Policy from time to time as our platform evolves or as legal requirements change. When we make material changes, we will update the "Last Updated" date at the top of this document, post the revised policy on this page, and notify registered account holders by email where the changes are significant. Your continued use of ZuriCards after changes are posted constitutes your acceptance of the revised policy.
14. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way ZuriCards handles your personal data, please contact us:
TKH Tech (trading as ZuriCards)
Republic of Benin
Privacy Officer: TKH Tech Data Protection Lead — privacy@zuricards.com
Privacy inquiries: privacy@zuricards.com
General support: support@zuricards.com
For matters that cannot be resolved directly with us, you may contact the supervisory authority: Autorité de Protection des Données Personnelles (APDP), Republic of Benin. EU/EEA residents may also contact their local data protection authority. Canadian residents may contact the Office of the Privacy Commissioner of Canada.