FastrPay Privacy Policy

FastrXchange Technology Inc.
Last Updated: February, 15, 2026

FastrXchange Technology Inc., operating as FastrPay (“Fastr,” “we,” “us,” or “our”), is committed to protecting your personal information in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you use the FastrPay services (the “Services”).

1. Scope

This Privacy Policy applies to personal information collected in connection with:

• Creating and maintaining a FastrPay account

• Initiating and receiving transfers

• Identity verification and compliance screening

• Customer support interactions

• Regulatory and legal obligations.

This policy does not apply to third-party websites or services not controlled by Fastr.

2. What Is Personal Information

“Personal information” means information about an identifiable individual, including but not limited to:

• Name

• Date of birth

• Address

• Government-issued identification details

• Financial information

• Contact information

• Transaction history

• Device and usage data

Personal information does not include anonymized or aggregated information that cannot reasonably identify an individual.

3. Information We Collect

We collect personal information necessary to provide our Services and comply with legal obligations.

A. Information You Provide

• Full legal name

• Date of birth

• Residential address

• Email address and phone number

• Government-issued identification details

• Beneficiary information

• Bank account or payment method details

• Source of funds information (where required)

B. Transaction Information

• Transfer amount

• Currency

• Beneficiary details

• Transaction history

• Payment method used

C. Identity Verification Information

We may collect:

• Copies of identification documents

• Biometric verification data (if applicable)

• Selfie verification images

• Sanctions screening results

D. Device and Technical Information

• IP address

• Device type

• Browser information

• Log data

• Cookies or similar tracking technologies

4. Why We Collect Personal Information

We collect personal information to:

• Provide and operate the Services

• Verify identity

• Prevent fraud and financial crime

• Comply with anti-money laundering (AML) obligations

• Screen against sanctions lists

• Process transactions

• Provide customer support

• Improve security and system integrity

• Meet regulatory and legal requirements

We do not collect personal information beyond what is necessary for these purposes.

5. Legal Basis for Processing

Under PIPEDA, we collect, use, and disclose personal information with your consent, except where otherwise permitted or required by law.

By creating an account and using the Services, you consent to the collection and use of your personal information as described in this Policy.

Certain processing is mandatory for legal compliance. If you do not provide required information, we may be unable to provide Services.

6. Disclosure of Personal Information

We may disclose personal information to:

A. Regulatory Authorities

• FINTRAC

• Law enforcement

• Government agencies

• Sanctions enforcement bodies

Where required by law.

B. Service Providers

We may share information with trusted third parties, including:

• Identity verification providers

• Sanctions screening providers

• Payment processors

• Banking partners

• Cloud hosting providers

• IT security providers

• Customer support providers

All service providers are required to maintain appropriate safeguards.

C. Payout Partners

To complete transactions, we may share relevant information with licensed financial institutions or payment service providers in destination countries.

7. Cross-Border Transfers of Personal Information

FastrPay provides international services. Personal information may be transferred to and processed in jurisdictions outside Canada.

When personal information is transferred internationally:

• It may be subject to the laws of the foreign jurisdiction

• It may be accessible to foreign governments, courts, or regulators

• We implement contractual and security safeguards to protect personal information

By using the Services, you consent to such cross-border transfers.

8. Retention of Personal Information

We retain personal information:

• For as long as necessary to provide Services

• As required by FINTRAC and other regulatory recordkeeping requirements

• As required for legal or dispute resolution purposes

Financial transaction records may be retained for a minimum period required under Canadian law (currently at least five years, where applicable).

When no longer required, personal information is securely destroyed or anonymized.

9. Safeguards

We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:

• Encryption in transit and at rest

• Access controls and authentication

• Monitoring systems

• Secure hosting environments

• Restricted employee access based on role

No system can guarantee absolute security, but we take reasonable steps to protect information.

10. Your Rights

Under Canadian privacy laws, you have the right to:

• Request access to your personal information

• Request correction of inaccurate information

• Withdraw consent (subject to legal limitations)

• Inquire about how your information is used

Requests must be submitted in writing to our Privacy Officer.

We may require verification of identity before responding.

Certain information may not be disclosed where restricted by law (e.g., ongoing regulatory investigations).

11. Withdrawal of Consent

You may withdraw consent to certain uses of your personal information.

However, withdrawal of consent may:

• Limit your ability to use the Services

• Require closure of your account

• Prevent completion of pending transactions

Legal obligations may require continued retention of certain information.

12. Automated Decision-Making and Fraud Monitoring

We use automated systems to:

• Detect suspicious activity

• Screen against sanctions lists

• Assess fraud risk

These systems may result in transaction delays or account restrictions.

You may contact us for review of decisions affecting your account.

13. Cookies and Tracking

We use cookies and similar technologies to:

• Authenticate users

• Improve functionality

• Enhance security

• Analyze usage patterns

You may adjust browser settings to refuse cookies, but some features may not function properly.

14. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated through:

• Website notice;

• Email notification; or

• Account notification.

The updated version will indicate the revised date.

15. Contact and Complaints

If you have questions or wish to exercise your privacy rights, please contact:

Privacy Officer
FastrXchange Technology Inc.
Email: privacy@fastrxchange.com
Address: 2906 Grindstone Crescent, Pickering, Ontario, Canada L1X 2R5