Privacy Policy

Pontispay Ltd Privacy Policy

Updated: January 12, 2026

Introduction

Pontispay Ltd is a company incorporated in the Province of British Columbia, Canada (Company No. BC1529574), with its registered office at 300 – 848 Courtney Street, Victoria, BC V8W 1C4, Canada. We are also registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under MSB Registration No. C100000623. Pontispay is a business-to-business (B2B) financial technology platform providing multi-currency business accounts, payment processing, open banking services, fraud prevention tools, and related API-based solutions to business clients. Protecting your privacy and handling your personal data with care is very important to us.

This Privacy Policy explains what personal data we collect, why we collect it, and how we collect, use, disclose, store, and protect your personal data when you visit our website or use our services (collectively, the “Services”). It also outlines how you can contact us to access or correct your personal data, or to make inquiries or complaints about our privacy practices.

Our Services are intended for use by businesses only and not individual consumers. We do not offer services to minors, and we do not knowingly collect personal data from individuals under 18 years of age. Personal data (also referred to as “personal information”) in this Policy means any information about an identified or identifiable individual.

Pontispay is primarily subject to Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Where we process personal data of individuals located outside Canada in the course of providing Services to business clients, we apply additional data protection safeguards only to the extent required by applicable law.

By using our website or Services, you consent to the practices described in this Privacy Policy. You have the right to withdraw your consent at any time; however, if you do so, we may not be able to provide certain Services to you.

Updating Our Privacy Policy

We may update this Privacy Policy from time to time. If we make any material changes, we will post the updated Privacy Policy on our website at www.pontispay.com and update the “Last Updated” date. We encourage you to review this Policy periodically to stay informed about how we protect your personal data. If you continue to use our website or Services after an updated Privacy Policy takes effect, your continued use will be deemed acceptance of the revised Policy (unless otherwise required by applicable law).

Collection of Personal Data by Third Parties

Please note that this Privacy Policy does not apply to any third-party websites, services, or applications that you may connect to or access through our Services. Our website may include links to third-party sites or services (for example, bank partners or other integrations). Those third parties may collect personal data from you under their own privacy policies. We are not responsible for the content or privacy practices of any third-party services.

If you do not agree with any part of this Privacy Policy, please do not use our website or Services, or provide any personal information to us.

When and How Do We Collect Personal Data?

We collect personal data about you at various points when you interact with Pontispay. In particular, we may collect information in scenarios such as the following:

  • When you visit our website – e.g. through cookies and other tracking technologies that gather usage data as you browse.
  • When you register for an account or apply for our Services – you provide personal and business details during the signup or onboarding process.
  • When you communicate with us – for example, if you contact us via email, phone, web forms, or live chat, we will collect the information you provide in your correspondence or inquiry.
  • When you use our platform or Services – data is collected as you transact or interact with our payment platform, dashboards, APIs, and other features (including when you integrate our Services with third-party applications or permit us to collect information from other accounts or services on your behalf).
  • When you respond to our surveys or feedback requests – any information you choose to provide in surveys, feedback forms, or reviews is collected by us.

We primarily collect personal data directly from you. In some cases, we may also obtain information from third-party sources or public databases (for example, identity verification services, credit bureaus, or corporate registries) as part of our due diligence and compliance procedures. In all cases, we only collect personal data by fair and lawful means.

What Personal Data Do We Collect?

The types of personal data we may collect (or receive) about you include, but are not limited to, the following:

  • Identification and Contact Details: Your full name; mailing or business address; email address; telephone number and other contact information; and your occupation or job title.
  • Identity Verification Information: Details and images of government-issued identification documents (such as your passport, driver’s license, or other IDs), photographs of you (for example, if you provide a photo for identity verification), date of birth, and any other information you provide to verify your identity or that is required for Know-Your-Customer (KYC) or Know-Your-Business (KYB) checks.
  • Financial Information: Payment and financial account details that you provide to us, such as your credit card number or bank account information, and other information necessary for billing, transactions, or money transfers.
  • Usage and Technical Data: Information about how you access and use our website and Services. This includes your device identifiers or ID, browser type, device type, operating system, language settings, approximate geolocation, IP address, and other online identifiers. We also collect statistics about your interactions with our website (e.g. pages visited, time and date of visits, page response times, download errors) and other standard web log data.
  • Service and Account Information: Details of the Services we provide to you, have provided in the past, or that you have inquired about. This can include any additional information necessary to deliver those Services and to respond to your inquiries or support requests. For example, if you are a client, we will have records of your account history, transactions, and communications with us.
  • Communications: Any personal data that you choose to provide in communications with us. This encompasses information you share when you contact customer support, send us emails, or otherwise correspond with us. It may also include any content you submit through our platform (for instance, information you provide in form fields, support tickets, or chat messages).
  • Survey and Feedback Information: If you participate in any surveys, research, or provide feedback about our Services, we will collect any personal data you provide in those responses.
  • Additional Information: Any other personal data that you voluntarily provide to us in the course of using our website or Services, or any personal data that is required to facilitate your dealings with us. This might include information we obtain from public sources or third parties (with your permission and as permitted by law) in order to onboard you as a client or to fulfill our legal obligations. For example, we may collect information from credit reporting agencies or corporate registries about your business or verify information you have provided via third-party identity verification tools.

We will collect the above information only as necessary for the purposes set out in this Privacy Policy (see next section) or as otherwise authorized by you or by law.

Why Do We Collect Your Personal Data?

We collect and use personal data for various business and legal purposes in connection with offering our Services. Pontispay will only collect personal data for purposes that a reasonable person would consider appropriate in the circumstances. Depending on the context, our processing of your personal data may rely on different legal bases, including: your consent (where you have given it or where required by law), the necessity to perform a contract with you, compliance with our legal obligations, or our legitimate business interests (provided such interests do not override your fundamental rights and freedoms).

In particular, we collect and process personal data (on one or more of the bases above) in order to:

  • Provide and Operate Our Services: To deliver our payment platform services to you, including creating and managing your user account, processing transactions, and facilitating payments as instructed by you.
  • Verify Identity and Conduct Due Diligence: To confirm your identity and business details, and to perform necessary due diligence such as Know-Your-Customer (KYC) and Know-Your-Business (KYB) checks. This may include running credit checks or background screenings with your consent where required by law.
  • Prevent Fraud and Ensure Security: To monitor for and reduce fraudulent or suspicious activities, protect against unauthorized transactions or misuse of our platform, and generally ensure that your use of our Services is safe and secure.
  • Comply with Legal and Regulatory Obligations: To fulfill our obligations under applicable laws and regulations. For example, as a regulated MSB we must comply with anti-money laundering (AML) and counter-terrorist financing laws, which may require us to collect certain information, keep transaction records, report certain activities to regulators, and verify client identities. We also process personal data as needed to comply with tax laws, court orders, or other legal requirements that apply to us.
  • Communicate with You: To send you information and updates about the Services you use. This includes sending administrative or account-related communications such as confirmations, invoices, technical notices, updates, security alerts, and support messages. We may also respond to your inquiries, support requests, or complaints and provide customer service.
  • Provide Service Information and Marketing: To inform you about new features, products, or promotions relating to our Services. We may send marketing communications or tailored offers to you (such as newsletters or event invitations) that we believe may be of interest to your business. You will always have the option to opt out of marketing emails or unsubscribe if you prefer not to receive this type of communication. (We will obtain your consent to send you marketing where required by law.)
  • Facilitate Transactions with Third Parties: To interact with third-party financial institutions or partners as necessary to provide our Services. For example, we may share necessary information with banks, payment processors, or other payment service providers in order to execute your payment instructions, process deposits/withdrawals, or enable open banking features you have requested.
  • Improve and Personalize Services: To request feedback and gather information about user satisfaction in order to improve our Services and your user experience. We may analyze how you and other users navigate our platform (using cookies or analytics tools) to identify usability issues, enhance security, or develop new features. Wherever feasible, we use aggregated or anonymized data for analysis to avoid identifying individuals.
  • Enforce Our Rights and Agreements: To protect our legal rights and interests, as well as the rights of our users, partners, or others. This includes using personal data to investigate and defend against any claims or legal disputes, to enforce our terms and conditions or other agreements, and to prevent fraud, abuse, or harm.
  • Support Business Operations: To manage and administer our internal operations, including accounting, billing, record-keeping, auditing, and other routine business functions.
  • Research and Analytics: To conduct research, statistical analysis, or business analytics related to our Services and customer base, aimed at understanding market trends, assessing performance, or developing new products. (Any data used for broader analytical purposes that is not directly tied to providing services to you will be de-identified or aggregated so that individuals cannot be readily identified.)
  • Meet Regulatory Inquiries and Requests: To cooperate with regulators, law enforcement, or other authorities. For instance, we may process and disclose personal data as necessary to respond to inquiries from regulatory agencies, comply with audits or inspections, or address any issues raised by FINTRAC or other oversight bodies. If we are involved in a merger, acquisition, or asset sale, your personal data may be processed in connection with that transaction as allowed by law.
  • Any Other Purpose Authorized by You or the Law: We may use your personal data for any other purpose which you have specifically authorized or instructed us to, or as otherwise permitted or required under applicable law.

We will not use your personal data for purposes that are incompatible with the above reasons unless we obtain your consent or are otherwise legally permitted to do so. In other words, we only collect and process personal data for purposes that we have disclosed to you or that are reasonably necessary in order to provide our Services or fulfill our obligations.

How Do We Store and Protect Your Personal Data?

We take the security and confidentiality of your personal data seriously. Pontispay stores personal data on secure systems, and we employ a variety of measures to protect your information from unauthorized access or disclosure. These measures include technical safeguards (such as encryption, firewalls, and access controls) and organizational safeguards (such as employee training and data handling policies) designed to keep your data safe.

All personal data we collect is treated as private and confidential. We retain your information only for as long as necessary to achieve the purposes outlined in this Policy or to comply with applicable legal or regulatory requirements. The specific retention period for different types of data may vary depending on factors such as regulatory rules (for example, financial transaction records that must be kept for a minimum period), the nature of the data, and ongoing business needs. When personal data is no longer needed, we will securely delete or anonymize it.

Despite our efforts to safeguard your information, please note that no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of data. You understand that any personal data you transmit to us is done at your own risk. Pontispay will not be liable for breaches of security or unintended loss or disclosure of information due to circumstances beyond our direct control (to the extent permitted by law). In the unlikely event of a data breach that results in the compromise of your personal data, we will notify you and the relevant authorities as required by law.

We may use reputable third-party service providers (data processors) to host or process personal data on our behalf – for example, cloud hosting services or identity verification partners. When we engage third-party processors, we ensure they are bound by contractual obligations to safeguard your data in line with this Privacy Policy and applicable privacy standards. These processors are only permitted to use your data to carry out the services we have hired them to provide, and they are not allowed to use it for their own purposes.

Log Data

Whenever you use our website or online platform, we automatically collect certain technical information known as Log Data. This Log Data may include details such as your computer or device’s IP address, device and browser type, operating system version, the pages of our site that you visit, the time and date of your visit, and the amount of time spent on those pages, along with other diagnostic data. We may use third-party analytics services (e.g., Google Analytics or similar tools) to assist with collecting and analyzing this Log Data to better understand how our website is used and to improve its functionality.

Log Data generally does not identify individual users by itself; we do not use this information to try to discover your identity. Instead, we use it to maintain the security and performance of our website and Services (for example, to debug issues, analyze traffic trends, and prevent abuse of our platform).

International Data Transfers

Pontispay is based in Canada, but we may transfer and store personal data in other countries as part of our operations. For example, we use cloud service providers and technological infrastructure that may be located in the United States or other jurisdictions. This means that your personal data could be transferred to, or accessed from, outside of the country or region where you reside.

Regardless of where your data is processed, we will take steps to ensure that your personal information is protected in accordance with this Privacy Policy and applicable law. We utilize contractual and technical measures to safeguard data when it is transferred to third parties or across borders. By using our website or Services, you understand and consent that your personal data may be transferred to and stored in countries other than your own.

If you are located in the European Economic Area (EEA) or the United Kingdom, we take additional steps to ensure that any transfer of personal data out of the EEA/UK complies with the GDPR and relevant data protection laws. Canada is recognized by the European Commission as providing an adequate level of data protection for personal information (under PIPEDA) which facilitates transfers of personal data from the EU to Canada. In cases where we transfer personal data from the EEA/UK to other countries that may not have an adequacy decision, we will rely on approved safeguards such as the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms to ensure your data remains protected.

Cookies

Cookies are small text files placed on your computer or device to store data that can be retrieved by a web server in the domain that placed the cookie. Like many websites, Pontispay uses cookies and similar tracking technologies (such as web beacons or pixels) to collect certain information automatically when you interact with our site.

How We Use Cookies: We use cookies to improve your experience and the functionality of our website. For example, cookies help us recognize you when you return, remember your preferences, and understand which sections of our site are visited most frequently. Cookies also assist in security (for instance, detecting unusual account activity), and they allow us to gather aggregated data about site traffic and interaction so that we can continuously improve our Services. While the information collected through cookies may not directly identify you, it can include data like your IP address, browser type, device information, and browsing behavior on our site.

Cookie Consent: Some cookies are necessary for our website to function and cannot be switched off in our systems (these are often called “strictly necessary” cookies). For other types of cookies (such as analytics or advertising cookies), we will request your consent where required by law. For example, when you first visit our site, you may see a cookie banner or prompt seeking your consent to set certain cookies. You can choose to accept or decline non-essential cookies. If you opt out, you may still use our site, but certain features might be limited or not function properly.

Managing & Disabling Cookies: You have the ability to control cookies through your browser settings and other tools. Most web browsers allow you to block or delete cookies. However, please note that if you disable cookies entirely, this may impair the functionality of our website – for instance, you might not be able to log in or use certain interactive features.

Cookies on our site may be either persistent or session cookies. Persistent cookies remain on your device for a set period of time or until you delete them, and are used, for example, to remember you on subsequent visits. Session cookies are temporary and are deleted from your device when you close your browser; these help us track your actions during a single browsing session (such as maintaining your login status).

Cookies That We May Use

We use cookies for the following purposes on our website:

  • Authentication and Session Management – to identify you as a user when you log in and to maintain your session. This helps us keep you logged in as you navigate between pages.
  • Personalization – to remember your preferences and settings (such as language or region) so that we can tailor the website to you.
  • Security – to support our security features and detect malicious activity. For example, cookies help prevent fraudulent use of credentials and protect user data from unauthorized parties.
  • Analytics – to collect information about how visitors use our site. These cookies help us analyze web traffic, see the overall patterns of usage, and improve the performance of our Services. (For instance, we might use Google Analytics cookies to get aggregate statistics on site visits and page views.)
  • Cookie Consent – to remember your choices about cookies on our site. Once you set your preferences (e.g. choosing to allow or disable certain cookies), a cookie is used to save that setting so you won’t be asked again on your next visit.
Cookies Used by Our Service Providers

Some cookies on our site may be placed by third-party service providers acting on our behalf. For example, we use external analytics providers and maybe other integrated services that use cookies to perform their services. These third-party cookies may collect information such as your IP address, browser type, or pages visited. We ensure that our service providers are reputable and that any information collected on our behalf is used only for the purposes we’ve authorized, but these cookies are controlled by the providers themselves. The providers have their own privacy policies which will govern their use of the data. Common examples of third-party services we use include analytics tools (as noted above) and possibly embedded content or widgets that can set cookies.

Managing Cookies in Your Browser

If you wish to manage or disable cookies, you can do so through your web browser’s settings. Below are links to instructions for managing cookie settings in popular browsers:

  • Google Chrome: Managing cookies in Chrome
  • Mozilla Firefox: Enable and disable cookies in Firefox
  • Opera: Managing privacy and security in Opera
  • Internet Explorer: Delete and manage cookies in IE
  • Safari (Desktop): Manage cookies and website data in Safari
  • Microsoft Edge: Cookies and privacy in Microsoft Edge

Please note that blocking all cookies will likely have a negative impact on your experience on our (and other) websites. If you block or delete cookies, you may not be able to use the full functionality of our Services. For instance, essential features like authentication, security, or remembering your settings might not work properly without certain cookies enabled.

European Union & United Kingdom Users (GDPR)

Pontispay is established in Canada and primarily governed by Canadian privacy legislation, including PIPEDA. In limited cases where we process personal data of individuals located in the European Union or the United Kingdom in connection with providing Services to our business clients, we take reasonable steps to respect applicable data protection requirements.

Where applicable, individuals in the EU or UK may have certain rights in relation to their personal data, such as the right to access or correct their information. Requests may be subject to legal and regulatory limitations, including our obligations under anti-money laundering, record-keeping, and financial services laws.

To exercise any data protection-related request, please contact us using the details below. We may require identity verification before responding.

Enquiries, Requests & Complaints

If you have any questions about this Privacy Policy or about how Pontispay collects, uses, or protects your personal data, please contact us. We also encourage you to reach out if you need to access, update, or correct your personal data, or if you wish to withdraw consent or exercise any rights you may have under privacy law.

You can contact our team or our designated Privacy Officer by email at info@pontispay.com. You may also write to us at the following address:

Pontispay Ltd – Privacy Officer

300 – 848 Courtney Street

Victoria, BC V8W 1C4

Canada

We take all privacy inquiries and complaints seriously. If you believe that your personal data has been handled in a way that is not consistent with this Policy or applicable law, or if you have any other privacy-related concern or request, please let us know. We will investigate the matter and respond to you within a reasonable timeframe. In general, we will aim to confirm receipt of your complaint or inquiry within five business days and provide a substantive response as soon as possible, taking into account the complexity of the issue. If an error or problem is identified in our practices, we will take the necessary steps to address it and prevent it from happening again.

If you make a request to access or correct your personal data, we will respond in accordance with applicable law (under PIPEDA, for example, we will provide access to your personal information in our records, subject to certain exceptions, and allow you to request corrections if needed). We may require you to verify your identity before we can give you access or make changes to your data, to ensure that we do not disclose personal data to the wrong person or alter data without proper authorization.

We hope to resolve any privacy concerns directly. However, if you feel that we have not adequately addressed your question or complaint, you have the right to seek assistance from the appropriate data protection authority. In Canada, the relevant authority is the Office of the Privacy Commissioner of Canada (OPC). The OPC can be contacted at:

  • Telephone: 1-800-282-1376 (toll-free within Canada)
  • Website: www.priv.gc.ca
  • Mailing Address: 30 Victoria Street, Gatineau, Quebec, K1A 1H3, Canada

If you are located in a different jurisdiction, you may instead contact your local data protection regulator. For instance, individuals in the European Union can reach out to their national Data Protection Authority (DPA), and individuals in the UK can contact the Information Commissioner’s Office (ICO). These authorities can provide you with information about your privacy rights and avenues for resolving disputes.

Thank you for reading our Privacy Policy. We are committed to protecting your personal data and upholding your privacy rights. If you have any further questions or need clarification on any aspect of this Policy, please do not hesitate to contact Pontispay at info@pontispay.com. Your trust is important to us, and we will do our utmost to ensure your personal information is handled safely and transparently.