Events & News
LinkedIn
Youtube
Close
Enquire Now

ZEPTO Legal and PRIVACY POLICY

Legal Documents

Financial Services Guide

View

Product Disclosure Statement

view

Solutions Terms

View

Target Market Determination - Stored Value

View

Complaints Policy

View

Zepto Privacy Policy

Last Updated: 3 December 2025

Your privacy is important to us. In this Privacy Policy, we aim to help you understand how Zepto Payments Pty Ltd (“Zepto,” “we,” “us,” “our”) collects and uses information, and the choices you have about your information. This Privacy Policy applies to all websites operated by Zepto, including www.zepto.com.au (the “Site”), and Zepto’s services, including our web service and Zepto APIs (collectively, together with the Sites, the “Services”).

By visiting our Site, applying for or using our Services, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Policy. We collect your personal information in order to provide various Services and undertake the actions related to the provision of such Services.

1. INFORMATION WE COLLECT

We collect different types of personal information about you depending on the Services you use, how you use them, and the information you provide to us, as set forth below.

1.1 The type of information we collect

We collect certain information about you as you use the Services or when you otherwise interact with or communicate with us. We may also collect this information about you from others (for example when a representative of yours submits an application on behalf of you to receive Services).

This information includes:

  • Identification and contact information, such as the name, postal or email address, and date of birth;
  • Financial information, such as financial account and other payment information, provided to facilitate transactions through the Services;
  • Legislatively mandated information, such as copies of government-issued identification documents, corporate partnership and trust details as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (“AML Act”);
  • Identification of professional advisers and similar representatives and affiliates interacting with us on your behalf; and
  • End user personal information, such as the personal information of the customers (e.g. payer and payee consumers) of Zepto’s customers (e.g. merchants). This information includes (but may not be limited to) name, email address, phone number and date of birth.

You may choose not to provide some or all of this information to us if you want to remain anonymous. However, if you choose not to provide certain necessary information, you may be unable to use our Services.

1.2 How we collect your personal information

We generally collect your personal information through your interactions with us during the application process for Services. This includes collecting personal information of:

  • officeholders of companies that apply for Services; and
  • beneficial owners of other legal structures that apply for Services.

Other ways in which we collect your personal information include:

  • when processing transactions, Zepto will collect certain personal information as required by applicable law and industry codes (such as those required pursuant to the AML Act);
  • requests for various forms of support, such as enquiries about the Services, requests for technical support and processing of transaction disputes;
  • survey and feedback information you share in connection with surveys and requests for feedback that we send;
  • through automatic analytical tools as described in section 1.3 below;
  • service providers including fraud prevention and risk scoring services and sanctions screening service providers;
  • social media platforms following any interaction by you with our social media accounts;
  • attendance at Zepto events (whether physical or virtual); and
  • public databases such as ASIC Professional Registers.

If we receive information about you that we have not requested (i.e. unsolicited personal information), we will take the necessary steps to de-identify and destroy this information.

1.3 Other information we collect automatically as you use the Services

We and our service providers use a variety of third-party technologies, including cookies, Google Analytics and other similar tools, to automatically collect certain information when you use our Services. The types of information we collect using such technologies include:

  • Log files. As you use our Services, we automatically record information in log files. These log files may include information such as your web or content requests, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
  • Service metadata. We collect metadata that provides high-level information about how you interact with the Services, such as the names of pages on the Sites that you visit or parts of our app that you access, frequency and duration of use, and other information.
  • Information from cookies and similar technology. As you use the Services, we and our service providers use such technology to collect information. Such information may include your operating system, your IP address, browser type and language, referring pages and URLs, keywords, date and time, what sections of our Sites you visit or use, device identifiers such as MAC address, carrier and country location, hardware and processor information, network type, and similar data (collectively, the “usage information”). We also work with third-party partners that use cookies to collect usage information to allow us to better understand how users interact with the Services. For more information about how we use cookies and similar technology, please see the section titled “Cookies and Online Analytics” below.
1.4 De-Identified Information

We may de-identify and/or aggregate any information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form. Our use and disclosure of such de-identified information is not subject to any restrictions under this Privacy Policy, and we may use and disclose it to others for any purpose, without limitation.

2. HOW WE USE YOUR INFORMATION

We collect, hold and use your personal information so that we can:

  • Provide, maintain, and operate the Services
  • Improve the Services and develop new features and services
  • Respond to your enquiries and requests for support
  • Respond to enquiries from Zepto’s customers (if you are an end user of Zepto’s customer)
  • Respond to enquiries from other financial institutions or services providers who are involved in payment instructions that are processed through the Services
  • Provide technical support and assistance
  • Communicate with you about the Services, including to provide you with service-related communications, inform you of new products or features, or solicit feedback about the Services
  • Send you marketing communications about our products and services as permitted by local law and consistent with your preferences
  • Engage in analysis and research and prepare reports regarding use of the Services
  • Protect and secure the Services and our users
  • Establish, exercise, or defend our legal rights, including to enforce compliance with our Terms of Service and Privacy Policy, and any other agreements in place between you and Zepto
  • Comply with applicable laws, regulations, codes, subpoenas, governmental requests or legal process, or in connection with a legal or regulatory investigation.
  • Prevent, detect and investigate any actual or suspected fraud, crime, non-compliance with laws
  • Comply with our legal obligations owed to our payment infrastructure providers and licence holders
  • Processing your information for other purposes following your specific consent.

3. HOW WE DISCLOSE YOUR INFORMATION

We may share your information with entities outside of Zepto only as follows:

  • Service Providers. We may share or provide access to your information with external service providers that use such information only to perform services on our behalf, such as supporting the operation of our Services, seeking or displaying authorisation to initiate transactions, resolution of transaction disputes, advertising and marketing our Services, analytics, research, data storage, security and compliance solution providers.
  • Third-party applications, with your consent. Zepto allows you to authorise the connection to and automated exchange of data with third-party applications. We will share data with such applications with your authorization.
  • With other parties, with your consent. We may share information with others when we have your consent to do so, including when you direct us to share information, such as contact and banking details, with your contacts (as identified by a verified email, mobile phone number or account numbers).
  • Business transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you.
  • Entities for legal and safety purposes. We may disclose the information we collect where we have a good faith belief that such disclosure is: (a) required by law (or to respond to subpoenas, warrants, government requests, or similar process served on us), or (b) reasonably necessary to establish, exercise or defend legal rights, or to prevent or lessen a serious threat.

4. STORAGE AND SECURITY OF YOUR INFORMATION

We store information about you in computer systems and databases operated by either us or our external service providers.

We maintain a variety of security measures to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction. These security measures include (but are not limited to):

  • Utilising identity and access management technologies to limit and control access to systems on which personal information is processed and stored;
  • requiring all employees to comply with internal information security policies, keep information secure and undertake regular training; and
  • monitoring and regularly reviewing our procedures.

However, as no method of internet transmission is completely secure, we cannot guarantee the security of your information.

When registering for an account through the Services, it’s important that you select a strong password and do not share it with others.

You must alert us immediately if you have any concerns about unauthorized use of your account.

5. DATA RETENTION

We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We may retain personal information in accordance with applicable laws pertaining to the processing of transactions.

We will delete or de-identify information when it is no longer needed to fulfill these purposes outlined in this Privacy Policy, and after the retention period required by any applicable laws.

6. CHILDREN’S INFORMATION

Our Services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible.

7. THIRD-PARTY SERVICES

The Services allow you to connect to, and exchange data with, third-party applications, and may also contain links to third-party sites and services. We have no control over these third-party services, and as such, we are not responsible for their privacy policies or practices. You should check the applicable third-party privacy policy and terms of use before providing information or authorising the exchange of information with any third-party site or service.

8. COOKIES AND ONLINE ANALYTICS

A cookie is a small text file that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Zepto uses cookies and similar technologies to help identify and track visitors, analyze usage of the Services, and remember access preferences. Please note that you can change your browser settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information. Note, however, that if you choose to block cookies, certain features of the Sites may not function properly or may be inaccessible altogether.

9. INTERNATIONAL USERS

9.1 International data transfers

The Services are operated from Australia. If you are located outside of Australia, please be aware that any information you provide to us and/or that we collect from you, including personal information, will be transferred from your country of origin to Australia, which may have different data protection laws than your jurisdiction.

For Australian residents, we may transfer information that we collect about you to our affiliates and/or third party processors located in other jurisdictions. Currently, this is only the United States of America. . In such cases, where required by law, Zepto puts into place safeguards to ensure adequate protection of your data, such as taking reasonable steps to ensure these recipients will abide by Australian Privacy Principles and requiring contractual clauses approved by the particular jurisdiction. Where permitted by law, we may also transfer data to other jurisdictions with your consent.

10. YOUR RIGHTS AND CHOICES

10.1 Email and other direct marketing

We may use your personal information, collected through a variety of methods outline in section 1.2, to offer you products and services we believe may interest you. We may use a variety of methods to contact you for this purpose, including through social media. However, if you do not want us to contact you for such purposes, you can tell us not to contact you.

If you do not wish to receive emails from us, please click the “Unsubscribe” link located on the bottom of any Zepto marketing email and follow the instructions found on the page to which the link takes you.  Please note that processing your request will take some time, in accordance with our legal obligations.  You cannot opt out of receiving transactional emails related to the Services, which communicate important information about the Services or legal notices to you.

10.2 Accessing and updating your information

If you believe we may not hold accurate information about you, you can contact us to access this information and correct it. If you would like to exercise your rights under applicable law, please email us at [email protected] with your name, the email address you used to register with Zepto, and a description of your request.

We may request additional information to verify your identity, and will respond to your request as required by applicable law in your jurisdiction. Please allow us a reasonable time to respond to your inquiries and requests.

10.3 Do Not Track

At this time, Zepto does not monitor, recognize or honor any opt-out or do not track mechanisms including general web browser “Do Not Track” settings and/or signals.

10.4 Privacy Complaints

If you have a complaint regarding our handling of your personal information, we will attempt to resolve your complaint promptly upon you contacting us at [email protected].

If you believe the complaint cannot be or has not been resolved by us, you may lodge a complaint with the Office of the Australian Information Commissioner at https://www.oaic.gov.au/.

10.5 Quality of personal information

When we collect your personal information, we will take reasonable steps to ensure its accuracy. This may include taking additional steps for verification, if we deem this is required. This may include collecting your information through a payment Services application form, and subsequently verifying this information with reference to public databases.

11. PRIVACY POLICY CHANGES

This Policy is effective as of the “Last Updated” date posted at the top of this page. We may change this Policy from time to time and will post any changes on this page as soon as they go into effect, and/or provide additional notice as required by applicable law. By accessing the Services after we make any such changes, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

12. CONTACT US

If you have any questions, concerns, or complaints about Zepto’s Privacy Policy or information handling practices, please contact us:

  • By email: at [email protected]
  • By letter: 3/66 Centennial Circuit, Byron Bay, NSW 2481, Australia

Receive mission updates...

Subscribe to our newsletter to stay in-the-know with the latest payment news, expert insights and all things Zepto.