Privacy Policy

This Privacy Policy draft describes how MultiPay may collect, use, disclose, retain, and protect personal information in connection with its public website, corporate inquiries, onboarding review, secure portal access, and approved corporate payment services.

This policy is written for Canadian legal review and is intended to align with Canada's Personal Information Protection and Electronic Documents Act, commonly known as PIPEDA, and other privacy laws that may apply to MultiPay's activities in Canada.

This policy addresses personal information about individuals, including business representatives, beneficial owners, directors, officers, authorized users, counterparties, and other individuals whose information may be provided to MultiPay in connection with corporate payment services.

MultiPay may collect business contact information such as name, business title, company, email address, telephone number, business address, and communication history when a person submits an inquiry or communicates with MultiPay.

During onboarding and ongoing review, MultiPay may collect information required to understand a business, verify identity, assess beneficial ownership and control, review directors and officers, evaluate the intended use of services, and comply with legal, regulatory, risk, banking partner, and payment partner requirements.

MultiPay may collect portal and transaction-related information, including authorized-user details, device and login information, payment instructions, recipients or senders, transaction amounts, currencies, corridors, supporting documents, and records associated with account activity.

The website may collect technical information such as IP address, browser type, device identifiers, pages visited, referral URLs, approximate location derived from network information, and other analytics or security information generated through website use.

Information may be collected directly from you, your business, your authorized representatives, your use of the website or secure portal, onboarding forms, correspondence, transaction instructions, and documents submitted to MultiPay.

Information may also be collected from lawful third-party sources where appropriate, including identity verification providers, compliance databases, financial institutions, payment partners, public registries, corporate records, sanctions or politically exposed person screening tools, fraud-prevention resources, and other service providers that support onboarding, monitoring, security, or service delivery.

MultiPay may use personal information to respond to inquiries, assess business fit, conduct onboarding and due diligence, verify identity and authority, configure approved services, operate the secure portal, process or review transactions, communicate with clients, provide support, maintain records, and administer client relationships.

MultiPay may also use information to detect, prevent, and investigate fraud, unauthorized access, suspicious activity, sanctions exposure, prohibited use, operational errors, security incidents, legal claims, and other risks associated with corporate payment services.

Information may be used for compliance with legal and regulatory obligations, including obligations relating to anti-money laundering, anti-terrorist financing, sanctions screening, reporting, audit, recordkeeping, taxation, court orders, regulator requests, and payment-system or banking-partner requirements.

Where required by Canadian privacy law, MultiPay will seek meaningful consent for the collection, use, or disclosure of personal information. Consent may be express or implied depending on the sensitivity of the information, the context, applicable law, and the reasonable expectations of the individual.

In some circumstances, MultiPay may collect, use, or disclose personal information without consent where permitted or required by law, including for fraud prevention, investigations, legal compliance, debt collection, emergencies, regulatory reporting, or other purposes recognized by applicable Canadian privacy legislation.

MultiPay may disclose personal information to service providers, affiliates, professional advisers, financial institutions, payment processors, payment networks, correspondent or intermediary institutions, compliance vendors, identity verification providers, fraud-prevention providers, technology providers, storage providers, and other parties that support onboarding, service delivery, security, compliance, operations, or client support.

MultiPay may disclose information where required or permitted by law, including to regulators, law-enforcement agencies, courts, government authorities, auditors, banking or payment partners, dispute-resolution bodies, and other parties involved in investigating or preventing unlawful or unauthorized activity.

MultiPay does not sell personal information. MultiPay may share information for legitimate business, operational, compliance, security, or service-delivery purposes as described in this policy and applicable agreements.

MultiPay's corporate payment services may involve service providers, financial institutions, payment partners, technology systems, or counterparties located in Canada or other jurisdictions. Personal information may be processed or stored outside the province or country where it was collected.

When information is processed outside Canada, it may be subject to the laws of the jurisdiction where it is processed, including lawful access requests by courts, regulators, law-enforcement agencies, or government authorities in that jurisdiction.

MultiPay uses contractual, operational, and security measures that are intended to protect personal information handled by service providers, subject to legal review and the nature of the service relationship.

MultiPay retains personal information for as long as reasonably necessary to fulfill the purposes described in this policy, provide services, administer client relationships, resolve disputes, maintain business records, comply with legal and regulatory obligations, and satisfy audit, reporting, risk-management, and recordkeeping requirements.

Retention periods may vary depending on the type of information, the client relationship, transaction activity, legal obligations, partner requirements, and whether an inquiry, onboarding review, account, transaction, investigation, dispute, or legal matter remains active.

When information is no longer required, MultiPay will take reasonable steps to securely destroy, delete, anonymize, or restrict access to it, subject to legal, regulatory, operational, backup, and archival requirements.

MultiPay uses administrative, technical, and physical safeguards intended to protect personal information against unauthorized access, use, disclosure, alteration, loss, or destruction. Safeguards may include access controls, authentication, secure transmission methods, monitoring, employee training, vendor controls, and operational procedures.

No website, portal, email system, network, or storage environment can be guaranteed to be completely secure. Clients and authorized users are responsible for maintaining appropriate credential security, device security, internal approval controls, and timely reporting of suspected unauthorized access or security incidents.

The MultiPay website may use cookies, analytics tools, logs, pixels, or similar technologies to operate the site, support security, understand page usage, improve content, and maintain website performance.

You may be able to manage cookies through browser settings. Disabling cookies may affect some website features, session handling, security functionality, analytics accuracy, or portal-related user experience.

Any analytics or tracking configuration should be reviewed before final publication to confirm that this policy accurately describes the tools in use and any consent or notice requirements that apply under Canadian law.

Subject to applicable law and verification of identity, individuals may request access to personal information about them that is held by MultiPay and may request correction of information that is inaccurate or incomplete.

MultiPay may decline or limit access or correction requests where permitted by law, including where disclosure would reveal confidential commercial information, personal information about another individual, information protected by privilege, information generated in an investigation, or information that cannot be disclosed for legal, security, regulatory, or fraud-prevention reasons.

Requests may be submitted to [email protected]. MultiPay may request additional information to verify identity and authority before responding.

The MultiPay website or portal may contain links to third-party websites, platforms, or services. This Privacy Policy does not apply to third-party privacy practices, content, terms, security controls, or data handling unless expressly stated in a written agreement.

Users should review third-party privacy notices and terms before providing information to third-party services.

MultiPay's website and corporate payment services are intended for business and professional use. They are not directed to children, and MultiPay does not knowingly collect personal information from children through the public website for consumer-facing purposes.

MultiPay may update this Privacy Policy from time to time to reflect changes in legal requirements, services, business operations, technology, security practices, or data-handling procedures. The posted version may identify the effective date or draft revision date.

Where required by applicable law, MultiPay will provide additional notice or seek consent for material changes to privacy practices.

Questions, access requests, correction requests, or privacy-related concerns may be directed to [email protected]. The final legally approved policy should identify the appropriate privacy officer or accountable contact, mailing address, and any required complaint-handling process.