TwelveAI logoTwelveAIConversational Banking

Privacy Policy

Privacy-first handling for conversational financial activity.

TwelveAI is designed to expose the minimum amount of personal and financial data required to authenticate a user, complete a requested action, secure the transaction, and satisfy applicable regulatory requirements. This policy describes how we handle information for naira and USD money movement, foreign exchange and auto-swap features, virtual dollar cards, multi-agent AI conversations, and other product capabilities. It explains the categories of information we process, the legal and operational reasons for that processing, and the controls we apply to protect user information.

What we collect

We collect information necessary to support account verification, transaction execution, receipts, support requests, and fraud monitoring. This can include contact details, device signals, payment instructions, beneficiary details, billing references, transaction timestamps, currency and amount details, and related transaction metadata for both naira and USD activity.

For USD accounts and dollar wallets, we may collect account identifiers, USD balance and deposit history, funding source references, and records needed to reconcile activity with regulated banking or payment partners.

For NGN swaps and other foreign-exchange activity, we may collect quoted rates, swap instructions, settlement references, conversion outcomes, and records required for audit, dispute handling, and regulatory reporting.

For auto swap deposits, we may collect the rules you configure (such as target currencies, rate thresholds, or conversion preferences), triggers applied when eligible deposits arrive, execution logs, and outcomes of automated conversions.

For dollar virtual cards, we may collect card creation requests, spending limits, freeze or unfreeze instructions, merchant category signals, authorization metadata, decline reasons, and card lifecycle events. Full card credentials are not displayed in chat; partners may tokenize or vault sensitive card data under their own security standards.

For multi-agent chats, we may collect conversation content, agent handoff events, specialist routing decisions, and contextual summaries needed to continue a thread across agents (for example, payments, FX, cards, or support). This helps each agent understand prior steps without repeating sensitive verification unnecessarily.

We may also collect support communications, waitlist submissions, onboarding details, and device or browser telemetry required to secure the product, troubleshoot incidents, and maintain platform integrity.

We intentionally avoid collecting unrelated personal information that is not required for product operations, security, or regulatory compliance.

USD accounts and multi-currency balances

USD account information is used to display balances, process deposits and withdrawals where supported, link activity to receipts and history, and operate dollar-native features such as swaps and card funding.

Where naira and USD wallets coexist, we process currency context so the interface and AI agents can respond accurately without mixing balances or instructions across currencies.

USD account services may be provided through regulated third-party partners. Those partners may collect additional verification data under their own privacy notices, which apply alongside this policy where relevant.

Foreign exchange, swaps, and auto swap deposits

Swap and FX data is used to present live or quoted rates, confirm instructions before settlement, execute conversions, generate receipts, detect unusual FX patterns, and maintain records required for compliance and partner reconciliation.

Auto swap configuration is used only to apply user-authorized rules when qualifying deposits are detected. We retain logs of rule changes, triggers, and conversion results so users can review what happened and so we can investigate errors or disputes.

FX-related data may be shared with liquidity, banking, or payment partners strictly as needed to quote, execute, settle, or reconcile a conversion.

Virtual dollar cards

Card-related information is used to issue cards, enforce limits you set, process authorizations and declines, support freeze or cancellation requests, investigate fraud, and provide transaction history tied to the conversational experience.

Merchant, amount, currency, timestamp, and status data may be processed for each card transaction. We minimize exposure of sensitive card data in chat and rely on partners for secure issuance and processing where applicable.

Card partners may process personal data under separate policies for know-your-customer checks, sanctions screening, and network compliance.

Multi-agent AI and conversation context

When multiple AI agents participate in a thread, conversation history and structured context may be shared among agents within TwelveAI’s systems to complete your request efficiently,for example, handing a dollar card question from a general assistant to a cards specialist.

Agents are instructed to surface only the financial information needed for the active task. Context may be retained for a limited period to support continuity, quality review, safety monitoring, and dispute investigation.

We do not use the content of your financial conversations to train public models for unrelated purposes without a clear legal basis and appropriate notice where required.

How data is used

Information is used to fulfill instructions initiated by the user, generate transaction records, provide receipts and transaction history, operate USD wallets, execute swaps and auto-swap rules, issue and manage dollar cards, route multi-agent conversations, protect against fraud, improve system reliability, and comply with applicable banking or payments obligations.

We may also use data to monitor abuse, investigate suspicious activity (including unusual FX or card spend), validate the accuracy of conversational requests, respond to support matters, and maintain auditable operational records.

We do not sell personal financial data or expose sensitive banking context for advertising purposes.

Legal bases and regulatory reasons for processing

Depending on the jurisdiction and service context, information may be processed because it is necessary to perform requested services, comply with legal obligations, protect legitimate security interests, prevent fraud, and maintain the operational reliability of payment services.

Where consent is relevant, such consent may be requested for specific communications, optional analytics, or future product features that are not strictly necessary for the requested service.

Sharing with service providers and regulated partners

Information may be shared with banking partners, billers, airtime operators, USD account and wallet providers, foreign-exchange and settlement partners, virtual card issuers and processors, card networks, cloud providers, analytics vendors, identity verification providers, fraud prevention tools, legal advisers, auditors, and customer support systems where such sharing is necessary to provide the product or comply with law.

Multi-agent features do not change the underlying rule: personal and financial data is shared with third parties only when needed to deliver the service, prevent fraud, or meet legal obligations,not for unrelated marketing by those partners.

We require third-party service providers to handle information under confidentiality, security, and restricted-use obligations appropriate to the nature of the service provided.

Access, security, and protection

Sensitive information is protected with encryption in transit and at rest, limited internal access controls, and audit logging around operational access.

Balances, receipts, and transaction history,including naira and USD activity, swap records, auto-swap logs, and card transactions,are revealed only in verified user contexts and may require additional checks when risk is detected.

Card credentials and full primary account numbers are not routinely shown in chat. Where card details must be displayed, we favor masked or tokenized representations.

No security control is infallible, but TwelveAI applies layered technical and organizational safeguards intended to reduce unauthorized access, misuse, or disclosure.

Data retention

Information is retained for as long as reasonably necessary to provide the service, maintain records of completed transactions, satisfy contractual commitments, resolve disputes, prevent fraud, and comply with applicable legal or regulatory retention requirements.

Retention periods may differ based on the category of data, the type of transaction (including FX and card authorizations), auto-swap rule history, multi-agent conversation logs used for support or compliance, the identity verification context, and local legal obligations applicable to financial records.

Configured auto-swap rules may be retained after deactivation for a limited period where needed to explain past conversions or respond to disputes.

International transfers and storage locations

Where infrastructure, support operations, or service providers operate across borders, personal information may be processed or stored outside the user’s immediate location, subject to appropriate contractual, technical, or organizational safeguards where required.

USD accounts, dollar cards, and FX services may involve partners or infrastructure located outside Nigeria. Cross-border processing may occur to issue cards, settle swaps, route authorizations, or reconcile USD activity.

Users should expect that global cloud infrastructure and regulated payment ecosystems may involve cross-border handling of operational data in support of secure service delivery.

User rights and requests

Depending on the jurisdiction, users may have rights to request access to their information, correction of inaccurate data, deletion where legally permitted, restriction of certain processing, objection to certain uses, or export of selected data.

Some requests may be limited where information must be retained for transaction integrity, fraud prevention, dispute handling, or regulatory compliance. Identity verification may be required before actioning a request.

Children and age restrictions

TwelveAI is not intended for use by children below the age permitted under applicable law to independently use financial services in the relevant market.

If we learn that information has been submitted in violation of applicable age or authorization requirements, we may take steps to delete the information or restrict access, subject to any legal preservation obligations.

Policy updates and contact

We may revise this policy from time to time to reflect product changes, legal developments, service provider changes, or regulatory requirements. Updated versions become effective when posted unless a different effective date is stated.

Questions, data rights requests, or privacy concerns may be sent to tech@twelveai.app or through official support channels designated by TwelveAI. You may also reach support by phone at +2349039011682 where phone-based support is available.