Privacy Notice
Effective: June 3, 2026 · Last updated: June 9, 2026
1. Introduction
Paystack Inc. (“Paystack”, “we”, “our”) operates Paystack Index (“Index”), an AI-native commerce layer for Africa. Index lets you use an AI agent (Claude, ChatGPT, OpenClaw, etc.) to carry out everyday money tasks on Paystack rails, such as topping up airtime, paying bills, sending money, and ordering food, by talking to an AI agent you choose.
As a Paystack product, Index provides the platform that acts as an intermediary between supported service providers, such as Chowdeck, and users. It does this through MCP (Model Context Protocol) servers, which help connect your AI agent to the services and actions available through Index.
This notice explains what personal data we collect when you use Index, why we collect it, how we protect it, the rights you have and how you stay in control. It is supplementary to Paystack’s primary privacy notice. Where this notice is silent, the primary notice applies.
2. Terms of use
Using Index requires accepting our Terms of Use. The Terms describe the service provided by Index; this Notice describes how we process the data behind the service.
How Index works
You tell your agent what you want. Your agent turns your request into an instruction and sends it to Index. Index reads the instruction, matches it to an action it is allowed to perform, checks that the action sits within the permissions and limits you have set, and then carries it out. Every action appears in your transaction history. Index does not choose what to buy or whom to pay. It acts on the request you send through your agent; it cannot exceed the limits you set, nor can it grant itself new permissions.
What this means for you
When a transaction goes through, real money moves from your Zap balance, exactly as it would if you had made the payment yourself in any third-party app. A payment to the wrong person, or for the wrong amount, has the same effect as any other payment, which is why the controls below matter.
3. The data we process
When you use Index, we process the following categories of personal data:
Data you give us directly:
- Email address, first name, last name (when you sign up on Index)
- Phone numbers you instruct your agent to transact with (e.g. an airtime or data recipient)
- Phone number and country for linking your Chowdeck account (needed for the One-Time Password (OTP) flow)
- Request data in flight (through your agent interactions)
We collect automatically:
- Transaction data: amount, verb (i.e. airtime, data, send money, order food), status, timestamp
- Zap balance and top-up records
- OAuth tokens for the AI agents you connect to Index
- IP address and user agent (in request logs, retained 30 days)
We collect from third parties:
- Your connected accounts — once you verify via OTP, your preferred account is linked to Index
- Related personal data from connected accounts — i.e. your registered addresses from your Chowdeck account are shared to enable delivery; however, they are not stored
We do not collect or store:
- Card numbers, CVVs, PINs, or bank account credentials. These go directly to Paystack’s hosted payment page and never touch Index
- Biometric data, health information, religious affiliation, political opinions, sexual orientation, or any other sensitive personal data
- Voice recordings or photographs of you
We do not use your instructions or your transaction information to train AI models. The agent you use is your own choice, and whether its provider uses your conversations to train its models is set by that provider, not by us. If this matters to you, choose an agent whose terms say it will not train on your requests, check that agent’s privacy settings, or connect your own model.
4. What permissions does your AI agent have
When you connect an AI agent to Index (via OAuth at /oauth/authorize), the agent can, on your instruction and within the limits you set:
- Read your Zap balance on Index
- Initiate transactions you approve (subject to per-verb caps and rate limits)
- Read your recent activity to give you context
You set how much Index can spend. You can choose to approve every transaction yourself, and Index checks with you before a large payment or a payment to someone new, even when you have allowed your usual transactions to go through automatically. You can pause or disconnect Index at any time, which takes immediate effect.
What your agent sees:
Since you talk to Index through your AI agent, that agent receives your requests, including the details needed to act, such as the amount and recipient. The agent is run by its own provider (e.g. Gemini is run by Google), under that provider’s terms and notice, not this one.
The agent cannot:
- See your password, PIN, or authentication codes
- Move funds outside the scope you granted at the consent screen
- Access your Paystack merchant account or any other Paystack product
You can revoke an agent’s access at any time from your dashboard. In doing so, you will experience limited functionality with Index for AI-powered e-commerce tasks.
Sharing other people’s information
To complete some requests, you may give your agent another person’s details, such as a recipient’s phone number or a delivery address. Please share someone else’s information only where you have a proper reason to do so, or with their explicit consent. We use these details only to carry out the transaction you requested, and we handle them in accordance with this notice. Since your agent processes everything you share with it, we recommend configuring your settings to prevent it from using your conversations to train AI models, particularly when your request includes another person’s information. How to do this depends on the agent you use; see our guide below for steps for common agents:
- Claude: consumer plans (Free, Pro, Max) may use your chats and coding sessions to train models unless you opt out. Open Settings, go to the Privacy tab, find the “Help Claude improve” section, and turn off the option that allows your chats and coding sessions to train and improve the model. Claude for Work, the API, and Claude for Government are not used for model training by default. Read their Privacy Policy.
- ChatGPT: go to your profile, then Settings, then Data Controls, and switch off “Improve the model for everyone.” You can also opt out through OpenAI’s privacy portal by selecting “do not train on my content,” and by default, OpenAI does not train on inputs from its business products, including ChatGPT Business, ChatGPT Enterprise, and the API. Read their Privacy Policy.
- OpenClaw: this one differs. OpenClaw is an open-source, local-first agent that runs on your own machine, stores its data as files on your disk, and connects to a model you choose. It does not train on your data itself. Whether your requests are used for training depends on the model you point it at: if you connect a hosted model such as Claude or an OpenAI model, apply that provider’s opt-out above; if you run a local or open model, your requests are not sent to a provider for training. So the control for OpenClaw is the model you configure, not a toggle in OpenClaw. Read their Privacy Policy.
5. Lawful bases and purposes of processing
We process your personal data on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Delivering the Index service to you | Performance of a contract |
| Verifying your identity and preventing fraud via OTP | Legitimate interest + legal obligation |
| Complying with AML/CFT, financial recordkeeping, and tax obligations via Paystack’s processing of transaction data | Legal obligation |
| Responding to data subject rights requests as they pertain to your Index account | Legal obligation |
| Aggregate analytics to improve the product | Legitimate interest (de-identified data only) |
We do not process your data for marketing purposes from Index. Any marketing communications about Index come through Paystack’s primary marketing channels — with your explicit consent, or opt-in to newsletters and product updates — and follow Paystack’s Privacy Notice.
As a result of processing your transaction history, we can see patterns in how you spend. We do not use these patterns to advertise to you or to recommend products or services.
6. Your rights as a data subject
Under applicable data protection legislation, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your personal data, subject to legal retention obligations
- Portability — receive a machine-readable export of your data
- Restrict processing — limit how we process your data
- Object — object to specific processing activities, including direct marketing
- Withdraw consent — where consent was the lawful basis, you can withdraw it
You can also ask us to explain how Index handled a particular transaction, and a member of our team will look into it. Where a transaction has a significant effect on you, you can ask us to review it and tell us why you believe it was wrong.
To exercise any of these rights, email dpo@paystack.com. We respond within 30 days, or within the timeframe stipulated under applicable law (if this is less than 30 days).
7. Who we share your data with
We share data only with the parties needed to deliver the service:
| Recipient | Reason for data sharing | Data |
|---|---|---|
| Global Stack Services Limited | Settles airtime, data, and bill transactions via the Paystack Biller Network product | Transaction amount, recipient phone number, service code |
| Service providers | Fulfils food orders and provides requested service (Chowdeck and other service providers are data controllers for the order/service itself) | Order details, delivery address, masked phone, payment token |
| Paystack Payments Limited / Zap (core) | Processes your Zap top-ups | Top-up amount, reference, your email |
| Supabase | Stores your data on our behalf (EU, Ireland region) | All Index data, as described in Section 3, is encrypted at rest |
| Cloudflare | Runs our backend (global edge) | Request data in flight; no persistence |
| Vercel | Hosts our web app | Request data in flight |
| Resend | Sends transactional emails for admin operations | Email addresses + message contents |
| Twilio | Sends WhatsApp receipts and notifications | Phone numbers |
| Chord | Powers the AI customer-support replies | Customer support messages |
| PostHog | Product analytics | Usage data |
All third-party service providers are bound by applicable data processing or sharing agreements and/or contractual agreements allowing the responsible sharing of data by law. We do not sell your data to anyone.
We pass on only the data needed by a service to fulfil your request, for example, a recipient’s number for an airtime top-up or a delivery address for a food order.
8. Retention
We keep personal data only as long as necessary and in line with Paystack’s retention schedule. Key periods:
- Transactions and top-ups: 10 years from the transaction date (AML/CFT and financial recordkeeping)
- Zap balance records: While your account is active, and for 5 years after closure (KYC, litigation)
- OAuth credentials: Until you revoke, or following 12 months of inactivity (legitimate interest)
- Chowdeck session tokens: Until you unlink, or following 90 days of inactivity (legitimate interest)
- Request logs: 30 days (legitimate interest)
9. How we protect your data
We protect your personal data with technical and organisational measures designed into Index from the start, and the key measures are set out below.
- All personal data fields (phone numbers, third-party tokens, session metadata) are encrypted at rest with AES-GCM-256
- OAuth secrets are hashed with a server-side pepper before storage; we never store them in clear text
- All connections use HTTPS with HSTS enforced
- Row-level security policies are implemented on every database table
- Per-credential, per-Zap balance, and global rate limits on every transactional API to prevent fraud
- A log-redaction wrapper that masks phone numbers, addresses, and similar patterns before any error is written to logs
- Backstage admin access requires SSO + two-factor authentication
- All money-moving operations are idempotent to prevent duplicate charges
Agent security
Remember that your agent acts for you; anyone who can use it can ask Index to transact on your behalf within your limits. Keep your agent secure, and if you think someone else has access to it, disconnect Index straight away and contact us.
We monitor for incidents continuously. If a breach occurs that’s likely to affect your rights, we will notify the relevant data protection authority and you within 72 hours, in accordance with applicable law.
10. International transfer of data
We transfer personal data to other Paystack entities and to third-party service providers in the course of providing Index to you. We carry out these transfers using the mechanisms permitted under the applicable data protection law, ensuring your data maintains an adequate level of protection wherever it is processed.
Where we transfer personal data to a country whose laws may not meet the standards required, we put appropriate safeguards in place. In every case, we take steps to ensure your personal data is transferred safely and stays protected in line with this notice and applicable law. Details of the safeguards we apply, and the basis for a particular transfer, are available on request at dpo@paystack.com.
11. Marketing and communications
Index sends transactional push communications (top-up confirmations, transaction receipts, security notices). It does not send marketing emails. If you opt into Paystack’s broader marketing list, that opt-in is separate and governed by Paystack’s primary notice.
12. Children
Index is not directed at children under 18. We do not knowingly collect data from children. If we learn we have, we delete it. Please report any underage usage of Index services to us at dpo@paystack.com.
13. Complaints
If you believe we have mishandled your personal data:
- Email dpo@paystack.com first — we want the chance to fix it
- You may also complain to your relevant supervisory authority
Reading more about what Index can and cannot do
We maintain clear documentation of what Index can do, the conditions for use, and its limits. You can read a plain summary in our Support pages, and you can ask us for the fuller documentation at any time at dpo@paystack.com.
14. Changes to this notice
We may update this notice. Material changes are notified to active users by email and posted prominently on this page at least 14 days before they take effect.
15. Contact us
| Contact | Email |
|---|---|
| Data Protection Officer | dpo@paystack.com |
| General Index support | index@paystack.com |