AlphaPay Privacy Policy

1. Introduction

AlphaPay (“AlphaPay”, “we”, “our”, or “us”) provides payment processing, payment aggregation, and related technology services to merchants and business customers.

AlphaPay is committed to protecting personal information and handling it in accordance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”). Where other privacy laws apply to specific interactions, AlphaPay will comply with those laws to the extent applicable.

This Privacy Policy explains how AlphaPay collects, uses, discloses, protects, and retains personal information in connection with our website, products, services, platforms, and business operations.

 

2. Scope of Application

This Privacy Policy applies to personal information that AlphaPay collects, uses, or discloses in the course of its commercial activities, including when you:

  • 1. apply for, register for, or use AlphaPay services;
  • 2. communicate with AlphaPay by email, phone, website, portal, application, or other channels;
  • 3. request customer service, technical support, onboarding, or account assistance;
  • 4. visit or interact with AlphaPay-managed websites, portals, or online platforms; and
  • 5. otherwise engage with AlphaPay in a business, operational, compliance, marketing, or support context.

This Privacy Policy does not apply to information that has been anonymized so that it can no longer reasonably identify an individual.

 

3. What Personal Information We Collect

AlphaPay collects personal information that is reasonably necessary for legitimate business, legal, compliance, security, and service purposes.

Depending on the nature of the relationship or interaction, we may collect the following categories of personal information.

a. Information Collected Directly from You

When merchants, prospective merchants, partners, or their authorized representatives interact with AlphaPay, we may collect:

  • 1. name, business title, email address, telephone number, and other contact details;
  • 2. business name, business address, incorporation or registration information, and related business records;
  • 3. payment, settlement, and disbursement information, including banking information;
  • 4. information relating to directors, officers, ultimate beneficial owners, controlling persons, or authorized representatives;
  • 5. identity verification and due diligence information, including government-issued identification and supporting KYC/AML documentation where required;
  • 6. account credentials and authentication-related information;
  • 7. records of communications, inquiries, service requests, and support interactions; and
  • 8. any other information you choose to provide to us in connection with an application, support request, survey, promotion, or other interaction.

b. Information Collected Automatically

When you access or interact with AlphaPay’s websites, portals, apps, or systems, we may automatically collect certain technical and usage information, such as:

  • 1. IP address;
  • 2. browser type and version;
  • 3. device type, operating system, and application version;
  • 4. dates, times, pages viewed, clickstream, and usage activity;
  • 5. approximate location derived from technical signals; and
  • 6. security, diagnostic, and log information.

We collect this information to operate, secure, maintain, troubleshoot, and improve our systems and services, and to better understand how our websites and platforms are used.

c. Information from Third Parties

We may collect personal information from third parties where permitted by law and reasonably necessary for our business operations, including from:

  • 1. identity verification, sanctions screening, fraud prevention, and compliance service providers;
  • 2. financial institutions, payment partners, processors, acquirers, and settlement providers;
  • 3. business partners, referral partners, and service providers acting on authorized instructions or under contractual arrangements;
  • 4. public registries, public websites, regulatory databases, and other publicly available sources; and
  • 5. law enforcement agencies, regulators, or government authorities where legally authorized or required.

 

4. How We Use Personal Information

AlphaPay may use personal information for the following purposes:

a. Service Delivery and Account Administration

To evaluate applications, onboard merchants and partners, create and administer accounts, provide payment and related services, manage settlements, and maintain business relationships.

b. Compliance and Legal Obligations

To satisfy legal, regulatory, risk-management, tax, accounting, audit, recordkeeping, sanctions, anti-money laundering, and anti-fraud obligations.

c. Security and Fraud Prevention

To authenticate users, monitor for suspicious, fraudulent, unauthorized, or illegal activity, protect AlphaPay’s systems and users, and investigate incidents or complaints.

d. Customer Support and Communications

To respond to inquiries, provide technical or operational support, deliver service notices, send security alerts, and communicate about account, product, or operational matters.

e. Product Improvement and Analytics

To understand usage patterns, improve website and service functionality, enhance stability and security, and support internal reporting and planning.

f. Marketing and Promotional Communications

To send marketing, educational, or promotional communications where permitted by law and, where required, with your consent. You may unsubscribe from non-essential marketing communications at any time.

 

5. End User / Consumer Transaction Data

AlphaPay primarily provides payment services to merchants and business customers, rather than directly to end users or consumers.

In connection with the payment services it provides, AlphaPay may receive, access, use, disclose, or otherwise process limited information relating to end users, payers, or transaction participants where reasonably necessary for transaction routing, payment processing, settlement, reconciliation, fraud prevention, security monitoring, refunds, disputes, customer support, legal compliance, or other permitted operational purposes.

Depending on the nature of the payment flow, such information may include transaction identifiers, masked or tokenized data, technical identifiers, limited contact information, or other information made available through the applicable payment channel, merchant integration, partner integration, or related service flow.

AlphaPay uses such information only as reasonably necessary to provide, support, secure, and comply with the applicable payment services and related business operations.

 

6. Basis for Processing and Consent

AlphaPay collects, uses, and discloses personal information only for purposes that a reasonable person would consider appropriate in the circumstances and as permitted or required by applicable law.

Depending on the context, AlphaPay may rely on one or more of the following grounds:

  • 1. the information is necessary to enter into, perform, administer, or enforce a contract or requested service;
  • 2. the information is necessary to comply with legal, regulatory, audit, accounting, tax, or compliance obligations;
  • 3. the information is necessary to protect against fraud, unauthorized activity, security threats, or other operational risks;
  • 4. the individual has provided express or implied consent, as appropriate in the circumstances; and
  • 5. the collection, use, or disclosure is otherwise permitted or required by applicable law.

Where consent is required, AlphaPay will seek consent in a manner appropriate to the sensitivity of the information and the circumstances.

 

7. Cookies and Similar Technologies

AlphaPay may use cookies, pixels, local storage, session tools, and similar technologies on its websites or platforms for purposes such as:

  • 1. essential site functionality;
  • 2. authentication and session management;
  • 3. security and fraud prevention;
  • 4. analytics and performance measurement; and
  • 5. improving user experience.

You may be able to manage certain cookie preferences through your browser settings, device settings, or other tools made available on the relevant website or platform. Disabling certain cookies may affect site functionality.

 

8. Disclosure of Personal Information

AlphaPay does not sell personal information.

AlphaPay may disclose personal information where reasonably necessary for the purposes described in this Privacy Policy, including to third parties that process information on our behalf, and to other parties that independently participate in the provision, routing, processing, settlement, support, compliance, or dispute management of payment services.

Such disclosures may include disclosures to:

  • 1. service providers that support our business operations, including hosting, cloud, identity verification, fraud prevention, analytics, communications, customer support, legal, audit, and professional advisory providers;
  • 2. payment networks, payment partners, financial institutions, processors, acquirers, merchants, and other parties involved in transaction processing, settlement, operational support, or dispute handling;
  • 3. regulators, governmental authorities, courts, law enforcement agencies, self-regulatory bodies, or other persons where required or permitted by law;
  • 4. counterparties and professional advisors in connection with an actual or proposed financing, merger, acquisition, corporate reorganization, asset sale, or similar business transaction; and
  • 5. other parties where the individual has consented or directed us to make the disclosure.

Where appropriate, AlphaPay requires service providers and other third parties handling personal information on our behalf to protect that information using safeguards and confidentiality obligations appropriate to the nature of the information.

 

9. Cross-Border Processing

AlphaPay may use service providers or systems that store, access, process, or support personal information from outside the province or territory in which the information was originally collected.

As a result, personal information may be subject to the laws of other jurisdictions and may be accessible to courts, governments, regulators, or law enforcement authorities in those jurisdictions in accordance with applicable law.

AlphaPay remains responsible for personal information transferred to third parties for processing and takes reasonable steps to ensure that such information is protected by appropriate contractual, administrative, and technical safeguards.

 

10. Retention of Personal Information

AlphaPay retains personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, and to satisfy legal, regulatory, accounting, contractual, dispute-resolution, security, and enforcement requirements.

Retention periods may vary depending on the type of information and the applicable business or legal context. Certain financial, compliance, and transactional records may be retained for a minimum period required under applicable laws, regulations, or internal compliance requirements, which may in some cases be at least seven (7) years.

When personal information is no longer required, AlphaPay will securely delete, destroy, anonymize, or otherwise dispose of it in accordance with applicable law and internal retention procedures.

 

11. Safeguards and Security

AlphaPay uses administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, modification, or destruction.

These safeguards may include, as appropriate:

  • 1. encryption of sensitive data in transit and at rest;
  • 2. access controls based on job responsibilities and business need-to-know;
  • 3. authentication controls, including multi-factor authentication where appropriate;
  • 4. logging, monitoring, alerting, and incident detection measures;
  • 5. secure development, patching, vulnerability management, and testing practices;
  • 6. internal policies, training, and confidentiality obligations; and
  • 7. vendor and service-provider security oversight where appropriate.

While no method of transmission or storage can be guaranteed to be completely secure, AlphaPay uses reasonable safeguards appropriate to the sensitivity of the information.

 

12. Privacy Breaches and Security Incidents

AlphaPay maintains processes to assess, contain, investigate, document, and respond to suspected or actual privacy breaches and security incidents.

Where required by applicable law, AlphaPay will notify affected individuals, regulators, or other authorities of a breach involving personal information. AlphaPay will also maintain records of privacy breaches as required by law.

 

13. Your Choices and Rights

Subject to applicable law and legal, regulatory, contractual, and operational limitations, individuals may have the right to:

  • 1. request access to personal information AlphaPay holds about them;
  • 2. request correction of inaccurate or incomplete personal information;
  • 3. withdraw consent, where processing is based on consent, subject to legal or contractual restrictions and reasonable notice;
  • 4. request information about AlphaPay’s personal information handling practices; and
  • 5. make a complaint regarding AlphaPay’s privacy practices.

AlphaPay may require sufficient information to verify the identity and authority of a requestor before responding to a request.

AlphaPay will respond to requests within the time required by applicable law, subject to any lawful extensions or exceptions.

 

14. Children and Minors

AlphaPay’s business services are generally intended for merchants, businesses, and authorized adult representatives, and are not directed to children.

AlphaPay does not knowingly collect personal information directly from children in a manner that requires parental consent under applicable law. If AlphaPay becomes aware that personal information has been collected inappropriately from a child, AlphaPay will take reasonable steps to delete or otherwise address that information in accordance with applicable law.

If an individual is under the age of majority in their province or territory of residence, any interaction requiring valid consent should be undertaken with the involvement of a parent or legal guardian where required by law.

 

15. Third-Party Websites and Services

AlphaPay websites or services may contain links to third-party websites, products, platforms, or services that are not operated or controlled by AlphaPay.

This Privacy Policy does not apply to the privacy practices of such third parties. AlphaPay encourages users to review the privacy policies and terms of any third-party sites or services they access.

 

16. Changes to This Privacy Policy

AlphaPay may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, operations, or business practices.

The updated version will be posted on the relevant AlphaPay website or platform, and the “Last Updated” date will be revised accordingly.

For non-material updates, posting the revised Privacy Policy on the relevant AlphaPay website or platform and updating the “Last Updated” date will generally constitute sufficient notice. Where appropriate, AlphaPay may provide additional notice of material changes by reasonable means in the circumstances, which may include website notices, merchant portal notifications, email communications, or other appropriate methods.

Where required by applicable law, AlphaPay will obtain updated consent in connection with material changes.

 

17. Contact Us

Questions, requests, or complaints relating to this Privacy Policy or AlphaPay’s privacy practices may be directed to:

Privacy Officer
AlphaPay
13888 Wireless Way, Unit 305
Richmond, BC V6V 0A3, Canada
Email: compliance@alphapay.com