Remit123 Canada

Remit123
Menu

Privacy Policy

Remit123 (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy outlines how Remit123 (“the Company,” “we,” “our,” “us”) collects, uses, discloses, stores, secures, and disposes of personal data, including sensitive personal data (“Personal Data”). It applies to all customers and visitors of the Remit123 website and should be read with our Terms of Service, which shall prevail in case of any inconsistency. We are committed to safeguarding your information and using it solely for legitimate business purposes. For this Policy, “you” refers to individual customers who use Remit123 services. Remit123 provides money transfer and related financial services (“Services”) in compliance with applicable laws and regulations.

  1. Who/what does the policy apply to

    This Privacy Policy applies to all personal data collected and processed by Remit123 in its capacity as a data controller. It covers both visitors and account holders of our services worldwide. Remit123 complies with applicable Canadian privacy and financial regulations.

    Recipients of transfers in other jurisdictions are not our customers, and we do not collect or store their personal data except what is necessary to complete the transaction. We do not store recipient data beyond what is strictly required to complete the transfer and comply with regulatory reporting obligations.

    The Policy applies to all forms of personal data, whether physical or digital, collected or stored electronically or in hard copy.

    If you provide us with personal data about someone other than yourself, you confirm and warrant that you have obtained that individual’s consent to share such information for the purposes described in this Policy. For recipient information, consent is not required as it is collected solely for the purpose of executing the transfer and complying with applicable laws.

  2. What information we collect

    Personal data means any information about an identified or identifiable natural person. It includes information you provide to us (for example, name, contact details, government ID) and information we collect when you use our services (for example, device information, IP address). It does not include de-identified or aggregated information that cannot be linked to an individual.

    We collect personal data in three main ways: (a) directly from you (for example, when you register or provide identity documents); (b) automatically when you use our services (for example, transaction and device data); and (c) from third parties (for example, financial institutions, identity verification providers, public registers).

    1. Information you give us

      When you sign up for Remit123, use our platform, or participate in promotions or communications, you may provide information that we need to provide services, to meet legal or regulatory obligations (for example KYC/AML), or to improve your experience. This may include:

      • Contact details - name, email address, postal address and telephone number.
      • Personal details - date of birth; government identification numbers and images (e.g., passport, driver’s licence, national ID); tax residency and tax identification numbers; and proof of address or residency. Social Insurance Numbers (SIN), Social Security Numbers (SSN), and other national identifiers are treated as highly sensitive and are processed only where strictly necessary and with additional safeguards.
      • Financial information - bank account and routing numbers (e.g., IBAN), card details if provided, account ownership evidence, and limited financial history or documentation needed to verify source of funds.
      • Communications - emails, call or chat recordings, and other communications you send to us (used for support, quality assurance and dispute resolution).
      • Information about personal circumstances - information about health, vulnerability, capacity or other personal circumstances when provided, to help identify vulnerable customers or otherwise meet regulatory or service obligations.
      • Source of funds/wealth - documentation evidencing source of funds or wealth (for example bank statements, loan contracts, equity agreements) required for transaction screening and AML compliance.

        Additional for personal accounts:

      • Contact list access - access to your address book/contacts only if you grant permission (for features such as Group Spending or quick-send); we use such data only with your consent and you can revoke access at any time.

      If you fail to provide information we indicate is required (for example for KYC/AML or to process a payment), we may be unable to provide certain services, suspend or restrict your account, or close your account. (Some collection is required by law and cannot be avoided.)

      Please keep your contact details accurate. You may update them in account settings or by contacting customer support; we may require proof of identity before making changes.

      If you provide personal data about another person (for example a beneficial owner, authorised user, payee or counterparty), you represent and warrant that you are authorised to provide that information and that the person has been informed of how we will use it where required. Notwithstanding this, certain personal data may be collected, retained or disclosed to meet legal or regulatory obligations (for example KYC/AML reporting), even if the person has not provided consent.

    2. Information we collect from your use of our services

      We collect certain information automatically when you use our services. This information is used for transaction processing, security, fraud prevention, analytics and service improvements. Examples include:

      • Transaction data - transaction amount, currency, date/time, payer and beneficiary details, routing/correspondent bank information, and transaction geolocation where relevant for compliance and fraud detection.
      • Device information - IP address, login records, device and browser type/version, operating system, device identifiers, network type and other technical metadata used to authenticate users and secure accounts.
      • Usage information - pages visited, features used, search queries, error logs and app telemetry (including permissions you grant) used to improve and troubleshoot our services.
      • Behavioral biometrics - device and behavioural signals (for example typing cadence, keystroke dynamics, touch/mouse behaviour) used to detect and prevent fraud, account takeover and unauthorised use.
    3. Information we receive from other sources

      We may receive personal data about you from third parties to verify identity, assess risk, and provide our services. These sources include, without limitation:

      • Financial institutions and payment service providers (connected accounts, confirmation of payment, settlement information).
      • Payment beneficiaries, payees or other connected persons who provide account or identity details.
      • Third-party business systems (for example accounting software) you connect to your account.
      • Advertising, analytics and search providers (referral and campaign information).
      • Identity verification, fraud prevention and sanctions screening providers, credit bureaus and government or private databases.
      • Publicly available sources such as company registries, public records and other public databases for due diligence and KYC/KYB.

      Information about recipients or counterparties is collected only for transaction processing and regulatory requirements. Recipients are not considered Remit123 users or customers.

      We use information from these sources for identity verification, sanctions screening, fraud prevention, transactional reconciliation and regulatory compliance (including AML/KYC).

    4. Information from social networks

      If you sign in into our services using a social account (e.g., Apple ID, Facebook, Google), we receive necessary authentication details (e.g., profile and email address) in line with that platform’s privacy policy.

      When you visit or interact with our social media pages (e.g., Facebook, Instagram, LinkedIn), those platforms may collect and compile personal data into aggregated statistics. We cannot access individual-level data but may view aggregated reports.

      We may also collect information from your public posts, comments, tags, or direct messages to us, and may occasionally use publicly available social media information for enhanced due diligence checks.

  3. Ways we use your information

    1. We collect, use and disclose personal data only where permitted by applicable law. We process Personal Data for specific, lawful purposes such as providing our services, meeting legal obligations, protecting our customers, and improving our systems.

      We rely on the following lawful bases for processing Personal Data:

      • Contract Necessity - where processing is required to enter into or perform our agreement with you (e.g., making or receiving payments).
      • Legal Obligation - to comply with applicable financial, anti–money laundering (AML), counter–terrorist financing (CTF), and tax laws.
      • Legitimate Interests - where processing is necessary for our reasonable business purposes, balanced against your rights (e.g., service improvement, fraud prevention).
      • Consent - where you have expressly agreed to the collection, use, or disclosure of your information (e.g., biometric data, marketing communications).
      • Substantial Public Interest - where we process sensitive information to protect vulnerable customers or comply with laws addressing public safety, financial crime prevention, or other protected areas.

      Purposes for which we will use your personal data: the ways we plan to use your personal data, along with the corresponding legal bases, are described below:

      • Know Your Customer (KYC) - We collect and verify your identity during onboarding to determine your eligibility to use our services and to comply with Know Your Customer (KYC) obligations under regulations.
      • Service delivery - We process personal data to provide products and services (for example money transfers, account features and related services) where processing is necessary to perform our contract with you and to meet regulatory obligations.
      • Customer support and service quality - Monitoring and recording communications (calls, chats, emails) for training, quality assurance, and dispute resolution.
      • Facilitating payments and discoverability We use information to provide features that make it easier for others to send funds to you (for example QR codes, payment links or contact-list based features where you grant permission).
      • Account safety and fraud prevention - We use information to detect, prevent and investigate fraud, unauthorised transactions, money laundering, terrorist financing and other crimes; this may include behavioural and biometric signals for account recovery or changes to devices. (Legitimate business purpose and where required, legal obligation.)
      • Compliance and enforcement - Meeting reporting requirements to lawful authorities, responding to lawful requests, enforcing our agreements, recovering amounts owed, assisting third parties in recovering funds sent in error, and protecting our staff from abuse or threats.
      • Marketing and analytics - We may use information to personalise communications, measure advertising effectiveness and tell you about products and services; marketing communications will only be sent where we have valid consent.
      • Service maintenance and improvement - Administering, developing, testing, and improving our systems and services, including use of AI and machine learning for fraud prevention and operational efficiency. Customers will be informed when interacting with AI systems.

      Certain Personal Data is processed and retained to comply with anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations.

      Such processing is mandatory under applicable law, may be carried out irrespective of consent, and is not subject to deletion, restriction, or objection rights where retention is legally required.

      Remit123 may disclose relevant information to competent authorities, financial-intelligence units, or law-enforcement agencies when required to meet statutory reporting or investigative obligations.

      Suspicious or unusual activity detected during onboarding or transaction monitoring may result in the filing of Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs).

      These reports are handled through secure internal escalation processes by authorised compliance officers and submitted to regulators in accordance with applicable laws.

    2. Processing Required by Law

      Certain types of processing are mandatory under applicable laws and cannot be refused or withdrawn by you.

      These include:

      • Identity verification (KYC) to confirm your identity and eligibility to use our services.
      • AML/CTF screening and ongoing monitoring of transactions and counterparties.
      • Sanctions and fraud checks required by regulators and financial institutions.
      • Regulatory reporting to competent authorities or law enforcement where required.

      These activities are carried out on the basis of Legal Obligation or Substantial Public Interest and do not require your consent.

      Remit123 limits such processing strictly to what is necessary to comply with applicable law.

    3. Automated Decision-Making and Profiling

      We may use automated processing, including risk scoring and transaction monitoring, to help detect suspicious activity, prevent fraud, and meet our legal and security obligations.

      Where an automated decision produces legal or other significant effects for you, you may request human review and obtain an explanation of the decision by contacting office@remit123.ca.

  4. How we share your personal data

    We share personal data only as described in this policy, and only where permitted by law or where you have authorised the sharing. We may share information with our affiliates, third-party service providers, payment and settlement partners, banks and correspondent financial institutions, identity and fraud-prevention providers, auditors and professional advisers. Information you choose to make public (for example a public profile) may be accessible to others. We limit access to personal data to those employees, contractors and service providers who need it to perform their duties; we require contractual confidentiality and security controls.

    We may also disclose information:

    1. To comply with legal requests from government agencies, public authorities, law enforcement, or other entities as required by law.
    2. To meet national security, law enforcement, or other legal requirements.

    We aim to minimize sharing your personal data, only disclosing it as needed for business purposes or as legally required. We ensure service providers protect your data. We may share your personal data with the following:

    • Service Providers
      We may share your personal data with trusted third-party service providers who support our remittance services, such as payment processors, banking partners, compliance and verification providers, hosting, analytics, and customer support platforms.
    • Regulatory and Compliance Requirements: We may disclose your information to We may disclose your information to authorized agencies and financial institutions as required to comply with anti–money laundering (AML), counter-terrorist financing (CTF), and other regulatory obligations.
    • Carrier Documentation: Certain identification details may be shared with carrier or banking partners to verify your identity or process remittance transactions. Such data is transferred securely using industry-standard protocols.
    • Payment Processing: Payment details are collected and processed exclusively by our secure payment partners and are not stored or accessible by us beyond what is legally or operationally required.
    • Limited Use and Access: We only provide service providers with the minimum necessary information to perform their functions and require them to maintain strict confidentiality and security of your data.

    Business Transfers
    We may transfer personal data to a buyer, or prospective buyer, in the event of a merger, acquisition, sale of assets or insolvency. Where feasible we will notify affected individuals and require the recipient to honour this privacy policy and apply appropriate safeguards.

    Legal Process
    We may share your information we collected if the law complies with the court order, judicial proceeding, or other legal processes. We also reserve the right to share personal data or any other information we deem relevant or necessary to protect fraud, misuse, and unlawful act, claim our right against third parties and protect our legal right and avoid the violation of terms of services. We could disclose it with law enforcement, government agencies, courts, or other third parties in the following scenarios:

    1. When required by applicable laws or regulations.
    2. To exercise, establish, or defend our legal rights.
    3. To protect your vital interests or the vital interests of another person.

  5. Data Retention

    We retain your personal data only as long as necessary to provide our services and to comply with legal, regulatory, tax, or accounting requirements.

    As a regulated financial services provider, certain records such as identity verification and transaction data are required by law to be retained for up to seven (7) years after account closure or the completion of the relevant transaction, unless a longer period is required by applicable law or necessary for legitimate business or legal purposes.

    Once Personal Data is no longer required, we securely delete, anonymize, or destroy it using appropriate technical and organizational safeguards.

  6. How do we protect your information?

    1. We are committed to safeguarding your personal data and maintaining appropriate security measures in compliance with applicable privacy and financial regulatory requirements, and other relevant authorities. While transmission of data over the internet is not fully secure, we take commercially reasonable steps to protect your information. Any transmission of your data is at your own risk. Once received, we implement robust technical and organisational measures to protect it, including but not limited to:
      • Encryption - All communications between you and our systems are encrypted using industry-standard encryption protocols, making them unreadable to unauthorised parties.
      • System Security - We update, patch, and harden our servers and systems regularly to address vulnerabilities.
      • Monitoring - Our security team monitors systems for suspicious, abnormal, or malicious activity on a continuous basis.
      • Data at Rest - When personal data is not actively used, it is securely encrypted at rest.
    2. Access to your personal data is strictly limited to authorised employees, contractors, and third-party service providers who require it for legitimate business purposes. All such parties are bound by confidentiality obligations and contractual safeguards to ensure compliance with applicable privacy and financial regulations. Access is granted on a need-to-know basis, protected through role-based controls and multi factor authentication (MFA), and logged for audit and accountability purposes.

    3. We require third-party service providers processing personal data on our behalf to maintain security, confidentiality, and privacy protections equivalent to or higher than those required under applicable law.

      Where applicable, Data Processing Agreements (DPAs) are executed to ensure data is only processed as instructed, with adequate technical and organisational safeguards in place.

      Where personal data is transferred internationally, such agreements incorporate Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms.

      • All processors are contractually required to implement appropriate technical and organisational measures, including encryption at rest and in transit, role-based access controls, logging, and breach-notification obligations.
      • We perform vendor due diligence and periodic security reviews; critical vendors undergo SOC 2 or equivalent independent assessments to confirm compliance with applicable security and privacy standards.

      Processors are also expected to support audits or assessments by Remit123 or authorised reviewers and to notify us promptly of any suspected or actual data breach.

    4. Our employees receive ongoing training on data security, confidentiality, and privacy obligations. We maintain administrative, technical, and physical safeguards consistent with industry standards and applicable law to protect your personal data from unauthorized access, use, alteration, or disclosure.

    5. We maintain comprehensive records of customer verification, transaction history, and compliance activities to meet regulatory and audit requirements.

      Remit123 generates tamper-evident audit bundles containing verification snapshots, transaction evidence, and provider payloads to support lawful investigations or regulator requests.

      Subject Access Requests (SARs) or data-access requests involving such audit materials will be processed in accordance with applicable law and may be redacted where disclosure could compromise investigations, reveal proprietary methods, or violate legal restrictions.

    6. Data Breach Notification

      In the unlikely event of a data breach involving your Personal Data, Remit123 will take all reasonable steps to contain and investigate the incident and to mitigate any potential harm.

      Where required by applicable law, we will:

      • Notify the relevant data-protection authority within seventy-two (72) hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals; and
      • Notify affected individuals without undue delay when the breach is likely to result in a high risk of harm, providing clear information about the nature of the breach, the likely consequences, and the steps taken or recommended to mitigate its effects.

      All notifications will be made in accordance with applicable data-protection and financial-services regulations.

  7. International Data Transfers

    1. As a global provider of money transfer services and multi-currency accounts, we may transfer your personal data to countries outside your country of residence. This may include processing by our staff or trusted outsourced partners located in other jurisdictions.
    2. Where we transfer personal data internationally, we take appropriate measures to comply with applicable data protection laws. If the destination country does not provide an equivalent level of protection, we will ensure your data is safeguarded through adequate technical, contractual, and organizational measures in line with this Privacy Notice.
    3. Where a specific data transfer mechanism is required by law, we will rely on one or more of the following:
      1. Transfers to countries or recipients recognized as providing an adequate level of protection under applicable law;
      2. Standard Contractual Clauses approved by the European Commission and, where relevant, the UK International Data Transfer Addendum issued by the Information Commissioner’s Office; or
      3. Other lawful transfer mechanisms permitted under applicable law.
    4. For transfer subjects, Remit123 conducts Transfer Impact Assessments (TIAs) to evaluate the legal environment of the recipient country and ensure that data subjects’ rights remain adequately protected.
    5. Further details about third parties who may receive your personal data, their locations, and the safeguards in place can be provided upon written request at office@remit123.ca

  8. Cookies and Third-Party Technologies

    1. Cookies

      Cookies are small data files placed on your device when you use our website or app.

      We use cookies and similar technologies to:

      • Remember your preferences and login details;
      • Measure performance and usage of our services;
      • Enhance functionality, security, and fraud prevention; and
      • Deliver content, offers, and advertisements relevant to you.

      Most browsers accept cookies automatically, but you can adjust your settings to refuse or alert you when cookies are sent. Please note that disabling cookies may affect the proper functioning of our website or app.

    2. Third-Party Billing

      We may permit trusted third parties, such as analytics providers, advertising networks, and payment processors, to use cookies or similar technologies on our platform. These parties may collect information about your browsing activities across websites and services for analytics, security, and targeted advertising. Their use of data is governed by their own privacy policies, which we do not control.

  9. User’s Data Protection Rights

    You may have certain rights in relation to the personal data we collect and process about you. Whether or not required by your local law, we will respond to requests to access, correct, update, or delete personal data, and to opt-out of receiving direct marketing communications. Other rights may be available depending on your country of residence.

    If you have any questions about our use of your personal data, please contact us at office@remit123.ca.

  10. Your Rights and How to Exercise Them:

    1. Request a copy of your personal data.
      You may request a copy of the personal data we hold about you. To comply with global and local laws, we may need to withhold certain data (for example, data of third parties or information relating to fraud prevention or financial crime investigations).
    2. Request correction of your personal data
      If the information we hold about you is inaccurate or out of date, you can ask us to correct it. We may need to verify the accuracy of the new data you provide. Certain details may also be updated directly through your account settings.
    3. Request deletion of your personal data

      You can ask us to delete your data where:

      • there is no valid reason for us to continue processing it;
      • you have successfully exercised your right to object;
      • the data has been unlawfully processed;
      • we are required to erase it to comply with legal obligations; or
      • the processing is based on your consent and you withdraw consent.

      Please note: as a regulated financial institution, we are required by law to retain certain records (including transaction and identity verification data) for a period of time even after your account is closed. If we cannot delete your information, we will explain why.

    4. Withdraw your consent
      Where our processing is based on your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal. Withdrawing consent may limit our ability to provide certain services to you.
    5. Opt-out of direct marketing
      You can opt-out of receiving direct marketing communications at any time by contacting us or adjusting your account preferences.
    6. Request human review of automated decisions
      If we make decisions based solely on automated processing that significantly affect you, you may request human review and an explanation of the decision-making process.
    7. Object to processing based on legitimate interests
      If we process your data on the basis of legitimate interests, you may object. We may reject your request if there are compelling legitimate grounds (other than for marketing), but we will always explain our reasoning.
    8. Request restriction of processing
      You may ask us to restrict processing of your information if: ● you contest the accuracy of the data; ● the processing is unlawful but you do not want the data erased; ● we no longer need the data but you require it to establish, exercise, or defend legal claims; or ● you have objected to processing pending verification of overriding grounds.
    9. Request transfer of your data
      Where legally required, we will provide your personal data in a structured, commonly used, machine-readable format, or transfer it directly to another controller at your request.

  11. Age Restriction

    We do not knowingly collect or process personal data from children under the age of 13.

    Where local law sets a higher minimum age for valid consent to use online financial or information society services.

    If we become aware that we have inadvertently collected personal data from a child who does not meet the applicable age requirement, we will promptly delete the information and close the related account.

    If you believe your child has provided us with personal data, please contact us immediately at office@remit123.ca

  12. Notice of Changes

    We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or business requirements. Any material changes will be communicated through our Website or by email, and such changes will take effect upon publication, unless otherwise required by applicable law.

  13. Contact

    If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at office@remit123.ca.

Scroll to Top