Log In
Open Account

Privacy Policy

  • Home
  • Privacy Policy
image

EXIM PAY — PRIVACY POLICY

Exim Pay ("Exim Pay", "we", "us", "our") values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you access or use our services, including our websites, mobile applications, APIs, merchant services, and related payment products (collectively, the "Services").

This Privacy Policy is intended to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws where relevant.

By using the Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

1. WHO WE ARE

Exim Pay is a payment services provider offering payment processing and related financial technology services, which may include money transfers, merchant payment acceptance, settlement services, bill payments, payouts, and other payment services.

For privacy purposes, Exim Pay acts as the organization responsible for personal information under PIPEDA.

2. SCOPE

This Privacy Policy applies to personal information collected through:

  • Exim Pay websites and applications
  • Customer onboarding and account registration
  • Payment processing, transfers, settlement and payouts
  • Merchant onboarding and processing
  • Customer support communications
  • Agent-assisted services (where applicable)

This Privacy Policy does not apply to third-party services that you may access through links on our platform.

3. PERSONAL INFORMATION WE COLLECT

We collect personal information necessary to provide secure payment services, prevent fraud, and meet legal and regulatory obligations.

3.1 Information You Provide to Us

Individuals (Consumers):

  • Full name, date of birth
  • Email address, phone number
  • Residential address and proof of address
  • Government-issued identification (e.g., passport, driver's license, provincial ID, PR card)
  • Selfie verification and liveness checks (where required)
  • Employment or occupation details (where required for compliance)
  • Source of funds / source of wealth information (where required)

Merchants / Business Customers:

  • Business name, address, registration/incorporation details
  • Directors, beneficial owners, and signing authority details
  • Business banking details for settlement
  • Business activity, industry, and expected transaction volumes
  • Supporting documents and authorization records
3.2 Transaction & Financial Information
  • Payment and transfer details (amount, currency, date/time, recipient/beneficiary details)
  • Wallet or account balances (where applicable)
  • Settlement and payout details
  • Merchant processing data, refunds, and chargebacks
  • Dispute and complaint records
  • Payment instrument information (bank account details, card tokenized data, payment identifiers)

Important: Where card payments are offered, Exim Pay does not intentionally store full card numbers or CVV, and card data is handled through secure payment processors in accordance with applicable security standards (e.g., PCI DSS where applicable).

3.3 Technical & Device Information
  • IP address, device ID, browser type, operating system
  • App usage activity, log files, crash data
  • Location information (only if enabled and required for fraud prevention or service delivery)
  • Cookies and similar tracking technologies (see Section 10)
3.4 Information from Third Parties

We may collect information from:

  • Identity verification and fraud prevention providers
  • Banks, payment processors, card networks, mobile money providers
  • Credit bureaus and compliance databases were permitted
  • Public sources and screening lists (sanctions, PEPs, adverse media where lawful)
  • Partners and agents participating in service delivery

4. WHY WE COLLECT AND USE YOUR INFORMATION

We collect, use, and disclose personal information for the following purposes:

4.1 Service Delivery
  • Registering and managing your account
  • Processing payments, transfers, settlements, and payouts
  • Providing receipts, confirmations, notifications, and customer support
  • Verifying identity and eligibility for certain services or limits
  • Managing disputes, refunds, and chargebacks
4.2 Compliance with Legal and Regulatory Obligations

Exim Pay may be required to collect and retain personal information to comply with applicable laws and regulatory requirements, including but not limited to:

  • Anti-money laundering and counter-terrorist financing (AML/CTF) obligations
  • Identity verification (KYC/KYB)
  • Sanctions and watchlist screening
  • Recordkeeping and audit requirements
  • Reporting obligations to regulatory or law enforcement agencies, where required by law
4.3 Fraud Prevention and Security
  • Detecting and preventing suspicious activity, unauthorized use, and fraud
  • Risk scoring and transaction monitoring
  • Enhancing cybersecurity and protecting accounts
  • Maintaining platform integrity and enforcing Terms & Conditions
4.4 Improving Services
  • Platform analytics, quality control, product improvement
  • Testing features, system maintenance, and troubleshooting
  • Research and development (using anonymized or aggregated data where possible)
4.5 Marketing and Communications (Where Permitted)
  • Sending service updates, newsletters, promotions (you may opt out at any time)
  • Personalized offers and product announcements (subject to applicable laws)

5. CONSENT

  • We collect, use, and disclose personal information with your consent, except where consent is not required or is permitted to be waived under applicable law (for example, to comply with legal obligations, detect fraud, or respond to lawful requests).
  • Your consent may be express (e.g., you check a box during onboarding) or implied (e.g., you provide transaction information to complete a transfer).
  • You may withdraw consent in certain circumstances by contacting us; however, withdrawal may limit your ability to use our Services, and we may still retain information required by law.

6. HOW WE DISCLOSE AND SHARE YOUR INFORMATION

We do not sell your personal information. We may disclose personal information as needed to operate our Services.

6.1 Payment and Banking Partners

We may share information with:

  • Banks and settlement institutions
  • Payment processors and card networks
  • Mobile money operators and payout partners
  • Clearing and settlement networks
  • Merchant acquiring partners
6.2 Service Providers

We may use third-party providers for:

  • Identity verification and KYC/KYB
  • Fraud monitoring and cybersecurity
  • Cloud hosting and data storage
  • Customer support, communications, and analytics

These providers are required to protect your information and use it only to provide services to Exim Pay.

6.3 Agents and Merchants

Where applicable, we may share limited necessary information with agents and merchants to complete transactions, provide customer support, or manage settlements.

6.4 Legal and Regulatory Disclosures

We may disclose information to government bodies, regulators, and law enforcement when:

  • Required by applicable law or court order
  • Necessary to investigate fraud or security incidents
  • Required to comply with AML/CTF reporting or recordkeeping obligations
  • Needed to enforce our Terms & Conditions or protect rights and safety
6.5 Business Transfers

If Exim Pay is involved in a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction, subject to safeguards required by law.

7. CROSS-BORDER DATA TRANSFERS

Exim Pay may process or store personal information outside Canada, including in jurisdictions where our service providers or payment partners operate.

When personal information is transferred outside Canada, it may be subject to the laws of that jurisdiction and may be accessible to law enforcement or government authorities in accordance with local laws.

We use contractual and organizational safeguards to protect personal information when transferred internationally.

8. DATA RETENTION

We retain personal information only for as long as necessary to:

  • Provide our Services
  • Meet legal and regulatory requirements (including recordkeeping requirements)
  • Resolve disputes and enforce agreements
  • Prevent fraud and manage risk

Retention periods may vary depending on regulatory obligations, transaction type, and account status. Once no longer required, information is securely deleted, anonymized, or archived in accordance with applicable law.

9. SECURITY OF PERSONAL INFORMATION

We maintain administrative, technical, and physical safeguards designed to protect your personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.

Security measures may include:

  • Encryption in transit and at rest (where applicable)
  • Secure access controls and role-based permissions
  • Multi-factor authentication (where supported)
  • Monitoring and incident response procedures
  • Regular audits, security testing, and staff training

Despite these safeguards, no system can guarantee complete security. You are responsible for maintaining the confidentiality of your login credentials.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Enable platform functionality and session security
  • Prevent fraud and unauthorized activity
  • Analyze performance and improve user experience

You can manage cookies through your browser settings. Some features may not function properly if cookies are disabled.

11. BIOMETRIC AND ID VERIFICATION (IF APPLICABLE)

Where required for identity verification, we may collect biometric identifiers (such as a selfie scan or liveness verification). This information is used strictly for:

  • Verifying identity
  • Fraud prevention
  • Compliance with regulatory obligations

We use trusted verification providers and apply safeguards consistent with applicable law. We do not use biometric data for unrelated marketing purposes.

12. CHILDREN'S PRIVACY

Exim Pay Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a minor's information has been collected, we will delete it unless retention is required by law.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will post the updated policy on our platform and may notify you via email or app notification when changes are significant. Continued use of the Services after changes means you accept the updated Privacy Policy.