Effective Date: June 2, 2026
Last Updated: June 2, 2026
This Privacy Policy describes how PrivatePay (operated on privatepay.io) collects, uses, and protects your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy regulations.
2.1. Information We Collect
We collect information necessary to provide our payment services, comply with regulatory requirements, and ensure the security of our platform. This includes:
- Identity & Contact Information: Full name, billing address, email address, and phone number.
- Financial Identifiers: Bank account details, payment card numbers, transaction history, and other identifiers required by Canadian regulations for financial processing and Anti-Money Laundering (AML) / Know Your Customer (KYC) compliance.
- Technical & Usage Data: IP address, device type, operating system, and data on how you interact with our website and payment gateway.
2.2. How We Use Your Information
Your information is used solely for legitimate business operations and legal compliance, specifically:
- Transaction Processing: To process payments, handle refunds, and manage settlement operations.
- Regulatory Obligations: To fulfil our legal duties under Canadian financial regulations, including FINTRAC reporting guidelines and fraud prevention requirements.
- Service Communication: To send critical transaction receipts, system status updates, security alerts, and administrative notifications.
- Platform Security: To detect, investigate, and prevent fraudulent transactions, cyber threats, and unauthorized activities.
2.3. Information Sharing and Disclosure
PrivatePay does not sell or rent your personal information to third parties. We only share information with trusted third parties as required to deliver our services, including:
- Financial Institutions & Processors: Banking partners and card networks involved in the clearing and settlement of your transactions.
- Legal & Regulatory Authorities: Government bodies or law enforcement agencies when required to comply with PIPEDA, FINTRAC regulations, or an active legal order.
- Service Providers: Third-party vendors providing hosting, fraud detection, or technical support under strict confidentiality agreements.
2.4. Data Security and Safeguards
We implement advanced technical and organizational measures to protect your personal information against unauthorized access, loss, alteration, or disclosure. This includes industry-standard encryption protocols (such as SSL/TLS), secure access controls, and strict compliance with Payment Card Industry Data Security Standards (PCI-DSS).
2.5. Data Retention
We retain your personal and financial information only for as long as necessary to fulfill the purposes for which it was collected, or as mandated by Canadian federal and provincial financial retention laws (typically a minimum of 5 to 7 years for financial records).
2.6. Your Rights and Access
Under PIPEDA, you have the right to request access to the personal information we hold about you and to request corrections if any information is inaccurate or incomplete. If you wish to exercise these rights, please contact our privacy team.
2.7. Contact Us
For privacy inquiries, questions about our data practices, or to exercise your rights under PIPEDA, please contact our Privacy Officer at:
Email: [email protected]