For Business

About us

Sign in

Contact sales

Effective Date: April 1, 2026

Privacy policy

1.   Introduction

At PayPoint Solutions Ltd. (hereinafter referred to as the "Company", "PayPoint", or "we"), the protection of your personal information is of paramount importance. We are committed to handling your personal data with the highest standards of confidentiality, integrity, and transparency, in full compliance with applicable Canadian data protection law, including the Personal Information Protection and Electronic Documents Act (PIPEDA), and, where applicable, the General Data Protection Regulation (GDPR).

We invite you to read this Privacy Policy carefully to understand how we collect, use, and safeguard your information, and how these practices may affect you.

By choosing to use our Services, you signify your acceptance of the practices described in this Privacy Policy. If you have any questions or concerns regarding our privacy practices, please contact us using the details below:

PayPoint Solutions Ltd.
Address: 1907 Baseline Rd, Unit 104, Ottawa, ON, K2C 0C7, Canada
E-mail: dpo@pay-point.net

2.   Information We Collect and Sources Thereof

2.1. Sources of Information

We collect personal data from a variety of sources in order to deliver, improve, and secure our Services. These sources may include:

  • Information You Provide Directly:  for example, when registering an account, initiating transactions, communicating with us, or otherwise interacting with our platform.

  • Automated Technologies:  we may collect certain information automatically through technologies such as cookies, log files, and session tracking as you interact with our website and services.

  • Third-Party Sources:  we may receive information from third parties such as payment processors, identity verification providers, or publicly available sources where necessary and lawful.

2.2. Categories of Information We Process

The personal data we collect and process may fall within the following categories:

  • Identity Data:  full name, government-issued ID number, date of birth, nationality, gender, ID document details, country of residence, and similar identifiers.

  • Contact Information:  email address, telephone number, residential address, and similar details.

  • Account Information:  username, account preferences, and related profile data.

  • Activity Data:  login and session data, usage patterns, activity logs, and clickstream data.

  • Financial Information:  bank account details, source of funds, income level, transaction history, and related financial data.

  • Transaction Data:  history and details of transactions processed through our platform, sender and recipient information, transaction purpose, current balances, and portfolio details.

  • Payment Data:  bank account details, payment card information, billing address, and payment confirmations.

  • Employment Details:  employment status, job title, and company information where relevant.

  • Risk Assessment Data:  risk profile and related assessments.

  • Technical and Device Data:  IP address, browser type, device type, operating system, website interaction data, cookie data, and information about technical issues.

  • Communication Preferences:  user preferences for marketing and other communications.

  • Communication Data:  records of interactions with customer support, including incoming and outgoing calls.

  • Feedback and Usage Data:  user feedback, platform usage patterns, and preferences.

  • Compliance and Regulatory Data:  information and documentation required for AML/KYC and other regulatory obligations, including identity verification documents, proof of address, photographic evidence, selfies, sanctions screening results, and related data.

  • Dispute and Claims Data:  information about the nature, circumstances, and resolution of any claims or disputes.

  • Biometric Data:  facial recognition data, fingerprints, and multi-factor authentication data.

  • On-Site Surveillance Data:  where applicable, video footage, metadata, and timestamps from on-site video surveillance systems.

3.   Purpose and Legal Basis for Processing

3.1. Overview

All processing of personal data by PayPoint is guided by specific, clearly defined purposes and conducted on a lawful basis in accordance with applicable data protection law. We are committed to ensuring that your data is processed transparently and only for the purposes for which it was collected. The applicable legal bases are:

  • Contractual Necessity:  processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.

  • Legal Obligations:  processing is required to comply with legal obligations, including tax and regulatory requirements.

  • Legitimate Interests:  processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights.

  • Consent:  processing is based on your explicit consent, which you may withdraw at any time.

  • Vital Interests:  processing is necessary to protect your vital interests or those of another person.

  • Public Task:  processing is necessary for a task carried out in the public interest or in the exercise of official authority.

3.2. Specific Processing Purposes

The table below sets out the specific purposes for which we process your personal data and the corresponding legal basis for each:

Purpose of Processing DescriptionLegal Basis
Service Provision Personal data is processed to facilitate delivery of our services, including transaction processing, account management, and ensuring platform security and functionality. Contractual Necessity
Legal and Regulatory Compliance Data may be processed to meet legal obligations, including financial reporting requirements, AML/KYC regulations, and other applicable mandates. Legal Obligation; Public Task
Fraud Prevention We process data to detect and prevent fraudulent activity, unauthorized access, and misuse of our services. Legitimate Interests
Service Improvement and Troubleshooting We process data to enhance and troubleshoot our services, analyze user interactions, identify improvements, and resolve technical issues. Contractual Necessity; Legitimate Interests
Risk Management We process data as part of our risk management framework, including assessing operational risks, detecting threats, and ensuring service stability and continuity. Legal Obligation; Legitimate Interests
Security We process data to ensure physical and information/cyber security, including monitoring for unauthorized access, fraud, and threats to platform integrity. Legitimate Interests
Customer Support and Communication We process data to provide support, respond to inquiries, resolve issues, and deliver service-related communications. Contractual Necessity; Legitimate Interests
Marketing We may process data to provide information about our products, services, promotions, and events, including personalized content and communications. Consent; Legitimate Interests
Research and Development We may process aggregated and anonymized data to identify trends, develop insights, and enhance our products and services. Legitimate Interests
Dispute Resolution and Legal Claims We process data to facilitate fair and efficient resolution of disputes and legal claims, including collecting and analyzing relevant information. Legal Obligation; Legitimate Interests

4.   Automated Decision-Making and Profiling

At PayPoint, we are transparent about our use of automated decision-making and profiling. These practices are described below:

  • Automated Decision-Making:  we may use automated processes, including algorithms and machine learning, to improve the efficiency and accuracy of certain decisions, such as those relating to service eligibility, fraud detection, or risk assessment. Appropriate safeguards are in place to ensure fair outcomes, and avenues for human review are available where required.

  • Profiling:  profiling involves the automated analysis of personal data to evaluate certain aspects of your preferences, behaviour, or interests. This enables us to deliver personalized services and targeted communications. We aim to keep such profiles accurate and relevant and to respect your ability to manage your preferences.

5.   Sharing Your Information

At PayPoint, we take the responsible disclosure of personal data seriously and share it only in accordance with applicable law. The categories of recipients with whom your data may be shared are as follows:

  • Service Providers:  we may engage trusted third-party service providers, including payment processors, IT support providers, and other vendors, to assist in delivering our services. These entities process data strictly on our behalf and in accordance with our instructions.

  • Business Partners and Affiliates:  in certain circumstances, we may share your data with business partners or affiliated companies in a manner consistent with the purposes set out in this Privacy Policy and, where required, with your explicit consent.

  • Legal and Regulatory Authorities:  we may disclose your data to comply with legal obligations or to respond to lawful requests from governmental or regulatory authorities, including in connection with the prevention, detection, or investigation of criminal activity.

  • Other Recipients:  with your explicit consent or under another appropriate legal basis, we may share your data with third parties for specific purposes not otherwise covered. We will ensure the appropriate legal basis exists before any such sharing takes place.

6.   Data Security

We take the security of your personal data seriously and have implemented a comprehensive range of technical and organizational measures to protect it. These measures may include access controls, physical security, data encryption, security audits, incident response procedures, and employee training.

We also encourage you to take an active role in protecting your information by using strong, unique passwords, keeping your login credentials confidential, and exercising caution regarding the information you share online.

If you have any questions about our security practices or suspect any unauthorized access to your information, please contact us promptly at dpo@pay-point.net Your cooperation is essential to maintaining the security and integrity of our Services.

7.   Your Choices

At PayPoint, we believe in empowering you with meaningful control over your personal data.

  • Required and Optional Information:  certain information is mandatory for the provision of our services as required by law, contract, or regulation. Without this information, we may be unable to provide services to you. Mandatory fields will be clearly indicated where applicable. Optional information may be provided to enhance your experience but is not a condition of service.

  • Updating Your Information:  you may access and update your account information through your account settings at any time. For specific requests, please contact us at dpo@pay-point.net .

  • Withdrawing Consent:  where we rely on your consent for any processing activity, you have the right to withdraw that consent at any time, including through opt-out mechanisms or by contacting us directly.

8.   Your Data Protection Rights

8.1.   As an individual, you have the following rights in respect of your personal data:

  • Right to be Informed:  you have the right to receive clear and transparent information about how we process your personal data, as provided in this Privacy Policy.

  • Right of Access:  you have the right to request access to the personal data we hold about you.

  • Right to Rectification:  you have the right to request that we correct any inaccurate or incomplete personal data.

  • Right to Erasure:  you have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected.

  • Right to Restriction of Processing:  you may request restriction of processing where you contest the accuracy of the data, the processing is unlawful, or we no longer need the data for the original purpose.

  • Right to Object:  you have the right to object to the processing of your personal data on grounds relating to your particular situation, except where we have compelling legitimate grounds that override your interests.

  • Right to Withdraw Consent:  where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal.

  • Right to Data Portability:  you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.

Please note that these rights are not absolute and may be subject to legal limitations.

8.2.   To exercise any of the above rights, please contact us using the details provided in Section 1. Self-help options may also be available within your account settings for certain requests. For security purposes, we may request additional information to verify your identity before processing any request.

9.   International Data Transfers

At PayPoint, we prioritize the security and lawful handling of your personal data. While the majority of our processing activities occur within Canada and, where applicable, the European Economic Area (EEA), certain circumstances may require the transfer of your data to other jurisdictions. Any international transfers are conducted in compliance with applicable data protection law, including implementation of appropriate safeguards and contractual measures to ensure continued protection of your data.

10.   Complaints

We are committed to resolving any concerns about our data processing practices promptly and fairly. If you have any issues, please contact us at dpo@pay-point.net in the first instance. Our dedicated team will work with you to find an amicable resolution.

You also have the right to lodge a complaint with the relevant supervisory authority. Residents of Canada may contact the Office of the Privacy Commissioner of Canada. Residents of the EU/EEA may contact the data protection authority of their respective member state. Residents of other jurisdictions should contact their local privacy regulatory body.

11.   Children's Privacy

PayPoint services are not directed to individuals under the age of 18 (minors). We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at dpo@pay-point.net so that we may take appropriate action.

12.   Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on our website, with the date of the most recent revision indicated. In the event of significant changes, we may notify you using the contact details we hold.

It is your responsibility to review this Privacy Policy periodically to remain informed of our practices. Continued use of our services following any update constitutes your acceptance of the revised Policy.


Effective Date: April 1, 2026