Open Account
Menu
Log in Open Account

Privacy Policy

Last Updated: February 2026 — Version 1.0

1. Introduction

FIN TWIN TECHNOLOGIES INC., operating as FINTWIN PAY ("we," "us," "our," or the "Company"), is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access our website at fintwinpay.com (the "Web Portal") or use any of our services (the "Services").

We are incorporated under the laws of the Province of Ontario, Canada, and registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under Registration Number C10001675. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the Retail Payment Activities Act (RPAA), and all other applicable privacy and data protection legislation.

This Privacy Policy forms an integral part of our Terms of Use and should be read in conjunction with them. By accessing the Web Portal, creating a FINTWIN Account, or using any of our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Personal Information Provided by You

We collect the following categories of personal information directly from you:

  • Identity Information: Full legal name, date of birth, nationality, government-issued identification documents and numbers (passport, driver's licence, national ID card).
  • Contact Information: Email address, telephone number, residential address.
  • Financial Information: Bank account details, transaction history, source of funds, source of wealth, and information relating to your financial standing.
  • Employment and Business Information: Occupation, employer name, nature of business (for corporate clients: articles of incorporation, beneficial ownership declarations, corporate structure).
  • Virtual Currency Information: External wallet addresses used for cryptocurrency deposits, blockchain transaction identifiers.

2.2 Information Collected Automatically

When you access the Web Portal, we automatically collect:

  • Technical Information: IP address, device type, operating system, browser type and version, language preference.
  • Usage Information: Pages visited, time spent on pages, clickstream data, login timestamps.
  • Security Information: Authentication logs, session identifiers, two-factor authentication events.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Identity verification and KYC service providers.
  • Sanctions lists and Politically Exposed Persons (PEP) databases.
  • Blockchain analytics providers (for virtual currency transactions).
  • Credit bureaus and financial institutions.
  • Government and regulatory databases.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To process foreign exchange transactions, wire transfers, FINTWIN transfers, and virtual currency exchange services; to create and manage your FINTWIN Account.
  • Identity Verification and Compliance: To comply with Know Your Customer (KYC), Client Due Diligence (CDD), Enhanced Due Diligence (EDD), and Anti-Money Laundering (AML) requirements under the PCMLTFA and applicable FINTRAC guidance.
  • Transaction Processing: To process, settle, and communicate with you regarding your transactions, including the application of the Travel Rule for virtual currency transfers.
  • Fraud Prevention and Security: To detect, prevent, and investigate fraud, money laundering, terrorist financing, sanctions evasion, and other illegal or unauthorized activities.
  • Regulatory Reporting: To file Suspicious Transaction Reports (STRs), Large Virtual Currency Transaction Reports (LVCTRs), Electronic Funds Transfer Reports (EFTRs), and other reports with FINTRAC as required by law.
  • Risk Management: To conduct sanctions and PEP screening, blockchain analytics, and ongoing transaction monitoring.
  • Service Improvement: To analyze usage patterns and improve the functionality, security, and performance of our Services.
  • Legal Obligations: To comply with court orders, regulatory requests, tax obligations, and other legal requirements.
  • Communication: To send you service-related notices, security alerts, and account updates.

4. Legal Basis for Processing

We process your personal information on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our obligations under the Terms of Use and to provide our Services to you.
  • Legal Obligation: Processing required to comply with Canadian federal and provincial laws, including the PCMLTFA, RPAA, PIPEDA, FINTRAC reporting requirements, and tax legislation.
  • Legitimate Interest: Processing necessary for fraud prevention, security, risk management, and the improvement of our Services.
  • Consent: Where you have provided explicit consent for specific processing activities. You may withdraw your consent at any time, subject to legal and contractual limitations (see Section 9).

5. Third-Party Data Processors

We share your personal information with the following third-party service providers who process data on our behalf for the purposes described in this Privacy Policy:

Provider Service
Reload dev s.r.o. (Beekeeper) Core payment platform infrastructure
Sumsub KYC, identity verification, and Travel Rule compliance
OpenSanctions Sanctions and PEP screening
Scorechain Blockchain analytics and AML compliance
Fireblocks Digital asset custody and transfers

All third-party data processors are contractually bound to process your personal information in accordance with applicable law and this Privacy Policy. We exercise due diligence in selecting and monitoring our service providers.

6. Other Disclosures

In addition to our third-party data processors, we may disclose your personal information to:

  • Regulatory Authorities: FINTRAC, the Bank of Canada, tax authorities, and other government agencies, as required by law or in response to lawful requests.
  • Financial Partners: Banks, payment processors, and correspondent financial institutions necessary to complete your transactions.
  • Legal Proceedings: Courts, law enforcement agencies, or other parties when required by law, court order, subpoena, or to protect our legal rights.
  • Corporate Transactions: In connection with a merger, acquisition, reorganization, or sale of assets, provided that the receiving party agrees to protect your personal information in a manner consistent with this Privacy Policy.

We do not sell your personal information to third parties for marketing or advertising purposes.

7. International Data Transfers

As a cross-border payment service provider, your personal information may be transferred to, stored, and processed in jurisdictions outside of Canada where our third-party service providers and financial partners operate. These jurisdictions may have data protection laws that differ from those of Canada.

Where we transfer personal information outside of Canada, we ensure that appropriate contractual, technical, and organizational safeguards are in place to protect your information in compliance with PIPEDA. We require all third-party data processors to maintain a level of protection for your personal information that is comparable to the protection provided under Canadian law.

8. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. The following minimum retention periods apply:

  • Client identification records: Minimum five (5) years from the date the business relationship ends.
  • Transaction records: Minimum five (5) years from the date of the transaction.
  • FINTRAC reports (STRs, LVCTRs, EFTRs): Minimum five (5) years from the date the report is filed.
  • Compliance program documentation: Minimum five (5) years from the date the document was created or last updated.
  • Complaint records: Minimum seven (7) years from the date the complaint is resolved.

When retention is no longer required by law or for legitimate business purposes, we securely delete or anonymize your personal information.

9. Your Privacy Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

  • Access: Request a copy of the personal information we hold about you and information about how it is used and disclosed.
  • Correction: Request the correction of inaccurate, incomplete, or outdated personal information.
  • Withdrawal of Consent: Withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal and contractual limitations. Please note that withdrawing consent may affect our ability to provide certain Services to you.
  • Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated. Website: www.priv.gc.ca

To exercise any of these rights, please contact us at [email protected] with "PRIVACY" in the subject line. We will respond to your request within thirty (30) days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest.
  • Multi-factor authentication and role-based access controls.
  • Regular security assessments, vulnerability scanning, and penetration testing.
  • Employee training on data protection and information security.
  • Incident response and breach notification procedures.
  • Secure data disposal practices.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

11. Cookies and Tracking Technologies

Our Web Portal uses cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for the operation of the Web Portal, including authentication, session management, and security.
  • Preference Cookies: Used to remember your settings and preferences.
  • Analytics Cookies: Used to analyze website usage and performance to improve our Services.

We do not use cookies for third-party advertising or behavioural tracking. You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Web Portal.

12. Children's Privacy

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

  • Post the updated Privacy Policy on the Web Portal with a revised "Last Updated" date.
  • Notify you by email or through the Web Portal of significant changes.

Your continued use of our Services after the publication of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact us:

FIN TWIN TECHNOLOGIES INC.
Privacy Officer
1025 King Street East, Unit 107-1587
Cambridge, Ontario, N3H 3P5, Canada
Email: [email protected] (subject line: "PRIVACY")

Version Effective Date Approved By
1.0 February 2026 Pavel Martynov, Director

Copyright 2026 FIN TWIN TECHNOLOGIES INC. All rights reserved.