Privacy Policy

Last updated: 17/09/2025

Statement of Confidentiality and Validity

This document is proprietary and does not exist in the public domain. This copyright notice is attached only to provide protection in the event of inadvertent publication. No part of this publication may be copied without the express written permission of Eficyent or AML Incubator (https://amlincubator.com/).

Copyright Notice: This document has been prepared by AML Incubator for the sole purpose and exclusive use of Eficyent. Due to the confidential nature of the material in this document, AML Incubator and Eficyent request this document and its contents not be discussed, disclosed, or divulged without the prior written consent of Eficyent and AML Incubator.

Date: 17/09/2025

Incorporated Name: Eficyent

Operating Trade Name: Eficyent

Head Office Location: 7100 Leslie Street Suite 120, Markham ON L3T 7M8, Canada

Website: https://eficyent.com/

Email: [email protected]

Phone: +61 489 981384

Document Control

Version Author Reviewed Review Date Description
1.0 AML Incubator Ltd. Aravinth Ramesh 17/09/2025 Initial Creation.

Ownership

Name Designation Dept/Division Email Date
Primary BALASUBRAM ANYAM K Director Management [email protected] 17/09/2025
Secondary Aravinth Ramesh CTO Management [email protected] 17/09/2025

Key Stakeholders

Key Stakeholders in this process include:

  • Executives
  • Legal Counsel
  • Operational Staff
  • Brokers & Counterparties
  • Merchants
  • Consumers

Business Model Overview

Eficyent is a money services business (“MSB”) which is registered with the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”). The Company is also a Payment Service Provider (PSP) registered with the Bank of Canada (“Bank”). The company intends to provide four core services to its customers:

  • Foreign Exchange Dealings
  • Money Transferring
  • Virtual Currency Dealings
  • Payment Processing

Purpose

At the Company the Customer’s privacy is of utmost importance to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard Customer’s personal information when they use our payment services. We ensure that the Customer’s privacy is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and other relevant Canadian privacy laws and regulations.

This policy applies to all employees, contractors, third-party service providers, and any other personnel with access to the Company’s information systems.

Regulatory Overview

Introduction

This Privacy Policy is intended to help understand how the Company collects, uses, and discloses the Customer’s personal information (as defined below) when they access our website or any of our associated websites and mobile applications (collectively, the “Site”), and use the services that we provide via the Site (the “Services”). Our Privacy Statement is our commitment to the Customer that we will handle their personal information with care and in accordance with applicable privacy legislation.

We will treat personal information in a manner consistent with the Privacy Policy under which it was collected and our privacy practices, unless we have Customer’s consent to treat it differently. This Privacy Statement applies to any information we collect or receive about the Customer, from any source.

How we collect the Customer’s Personal Information

We collect personal information in various ways, depending on interactions with our services. Below are the primary methods through which we gather personal information:

Account Creation and Registration: When a customer creates an account, signs up for our services, or registers on our platform, we collect personal information such as Customer’s name, email address, phone number, and any other information they choose to provide.

Transaction Information: We collect information related to transactions the Customer makes using our services, including payment details, transaction history, and financial account information.

Customer Support Interactions: If the Customer contacts us for customer support, we collect information that they provide during the interaction, such as name, contact details, and details about the inquiry or issue.

Surveys and Feedback: We may collect personal information when the Customer participates in surveys, provides feedback, or completes questionnaires that we distribute.

Consent-Based Collection: In some cases, we may ask for the Customer’s consent to collect personal information not covered by the scenarios listed above. For example, if we wish to use their data for a new purpose, we will seek the Customer’s explicit consent before doing so.

The personal information we collect allows us to provide, maintain, and improve our services, ensure compliance with legal obligations, protect against fraud, and enhance the user experience. We collect only the information that is necessary for these purposes and handle the Customer data in accordance with our Privacy Policy.

Information the Company Collects

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, mailing address.
  • Identity Verification Information: Date of birth, social insurance number (SIN), passport number, driver's license, or other government-issued identification.
  • Financial Information: Bank account details, credit/debit card numbers, transaction history.
  • Technical Information: IP address, device information, browser type, and cookies.
  • Usage Information: Information about how the Customer interacts with our services, including transaction data and customer support interactions.

How we use the Customer’s Personal Information

We use the Customer’s personal information for the following purposes:

  • Service Delivery: To provide, operate, and maintain our payment services.
  • Identity Verification: To verify Customer’s identity and prevent fraud.
  • Transaction Processing: To process payments and other transactions the Customer initiates.
  • Customer Support: To provide customer support and respond to their inquiries.
  • Compliance: To comply with legal and regulatory obligations, including anti-money laundering (AML) and anti-fraud requirements.
  • Marketing and Communication: To send the Customer promotional materials, updates, and other information relevant to our services (with Customer’s consent).

How we store the Customer’s personal information

The Company ensures that the Customer’s personal information is stored securely and in compliance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Below is an overview of how we store the Customer’s personal information:

Secure Data Storage

  • Digital Storage: Personal information is stored on secure servers that are protected by industry-standard security measures, including firewalls, encryption, and access controls. These servers are located in secure data centers with restricted access to authorized personnel only.
  • Physical Storage: If any personal information is stored in physical form (e.g., paper records), it is kept in secure, locked facilities that are accessible only to authorized personnel. Physical documents are stored in locked cabinets or rooms with additional security controls.

Backup and Recovery

  • Regular Backups: We perform regular backups of our data, including personal information, to ensure that it can be restored in case of accidental loss, data corruption, or other incidents. These backups are encrypted and stored securely.
  • Disaster Recovery: We have a disaster recovery plan in place to ensure that personal information is protected and recoverable in the event of a major incident, such as a natural disaster, cyber-attack, or system failure.

Data Security

We take reasonable steps to protect our Customers’ personal information from unauthorized access, use, or disclosure. These measures include encryption, access controls, and regular security audits.

Encryption

  • Data in Transit: We use industry-standard encryption protocols (such as TLS/SSL) to protect personal information while it is being transmitted over the internet.
  • Data at Rest: Personal information stored on our servers is encrypted using advanced encryption standards to prevent unauthorized access.

Access Controls

  • Role-Based Access: Access to personal information is restricted to authorized personnel who need it to perform their job functions. Access is granted based on roles and responsibilities, ensuring that only those with a legitimate business need have access to sensitive data.
  • Multi-Factor Authentication: We implement multi-factor authentication (MFA) for access to our systems to add an additional layer of security.

Regular Security Audits

  • We conduct regular security audits and assessments to identify and address potential vulnerabilities in our systems. These audits include penetration testing, vulnerability scans, and security control reviews.

How we safeguard the Customer’s personal information

Protecting the Customer’s personal information is a top priority for us. We implement a variety of security measures to ensure that the data is safe from unauthorized access, disclosure, alteration, or destruction.We restrict access to the personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.

While we take significant steps to protect our Customers’ personal information, their role is also crucial. We encourage our Customers to:

  • Use Strong Passwords: Create strong, unique passwords for their accounts and update them regularly.
  • Be Cautious of Phishing Scams: Be wary of unsolicited communications asking for their personal information. Always verify the legitimacy of such requests.
  • Enable Security Features: Take advantage of security features we offer, such as multi-factor authentication, to add an extra layer of protection to the accounts.

Disclosure of the Customer’s Information

Except as set forth in this Privacy Policy or as required or permitted by law, we do not sell or share our Customers’ personal information with third parties. Even when we do disclose their personal information, we will not disclose more personal information than necessary for the purpose of disclosure and in compliance with data protection legislation.

We may share the Customer’s personal information with:

  • Service Providers: We may transfer or otherwise make the Customer’s personal information available to third-party service providers who provide services to us in accordance with our instructions and on our behalf. Our service providers are only given the personal information they need to perform their agreed-upon services, and are not authorized to use or disclose personal information for their own marketing or other purposes. Our service providers are third-party vendors who assist us in operating our business, such as identity verification services, payment processors, and IT service providers.
  • Regulatory Authorities: We can disclose personal information to regulatory authorities under specific circumstances, in accordance with Canadian privacy laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA) in cases when the Company is required to comply with legal and regulatory obligations. This includes requirements under anti-money laundering (AML) laws, anti-terrorism financing (ATF) laws, and other financial regulations, reporting suspicious transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as mandated by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
  • Business Partners: With the Customer’s consent, we may share their information with business partners to offer joint services or products.
  • Legal Requirements: We may disclose the Customer’s information if required to do so by a court or in response to a subpoena, warrant, or other legally binding request from law enforcement agencies, or under international agreements or treaties. We may disclose this information to foreign regulatory authorities or governments as part of cross-border investigations or regulatory enforcement actions.
  • Business Sale, Merger, or Acquisition: The Company may need to disclose personal information to potential buyers or merging entities to evaluate the business. However, this disclosure should be limited to what is necessary for the transaction. Wherever possible, the personal information should be anonymized or aggregated before disclosure to protect individual privacy. If specific personal information must be shared, it should be limited and protected by confidentiality agreements.

Retention and Deletion of the Customer’s Information

The Company will retain the Customer’s personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the nature of the information and the purpose for which it is used.

When personal information is no longer needed, we take steps to securely delete or anonymize it. Digital data is permanently erased using secure deletion methods, and physical documents are shredded or otherwise destroyed to prevent unauthorized access.

Training and Awareness

Our employees receive regular training on data security and privacy best practices to ensure that they understand their responsibilities in protecting personal information.

The Customer’s Rights

The Customer has the following rights regarding their personal information:

Access

The Customer has the right to request access to the personal information we hold about them. This right allows the Customer to be informed about the data we have collected, how it is being used, and who it may be shared with. The Customer can submit a written request to us to access their personal information. We will provide the Customer with a copy of the information, along with details about how it is being used, within a reasonable timeframe, typically within 30 days. In some cases, access may be restricted due to legal reasons or to protect the privacy of others. If we cannot provide access, we will explain the reasons why.

Correction

If the Customer believes that the personal information we hold about them is inaccurate, incomplete, or outdated, the Customer has the right to request that we correct or update this information. The Customer can contact us with details of the information they believe is incorrect and provide the correct information. We will promptly correct or update our records and notify any third parties who have received the incorrect information. However, we may require verification of the new information to ensure that the changes are accurate and that the request is legitimate.

Withdrawal of Consent

The Customer has the right to withdraw their consent for us to collect, use, or disclose their personal information at any time. This right applies to information the Customer has previously consented to share, and it allows them to control how the data is used. To withdraw the consent, the Customer can contact us with a request. After which we will explain the consequences of withdrawing consent, which may include our inability to provide certain services to the Customer.

In some cases, withdrawing consent may be subject to legal or contractual restrictions. For example, if we are legally required to retain certain information or if the information is necessary for the fulfillment of a contract, we may not be able to fully comply with the request.

Complaints

If the Customer believes that their privacy rights have been violated or if the Customer is unsatisfied with how we have handled their personal information, the Customer has the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC). We are committed to addressing any concerns the Customer may have and will assist them throughout the complaint process. However, before filing a complaint with the OPC, we encourage the Customer to contact us directly to resolve the issue. If the Customer remains dissatisfied, they can file a complaint with the OPC by visiting their website, submitting a complaint form, or contacting them by phone or mail.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance the Customer experience on our website. The Customer can control the use of cookies through the browser settings. Please note that disabling cookies may affect the functionality of our services.

Updates and Tests

This policy will be reviewed and updated from time to time, after any major changes to the business, or as needed to ensure its continued effectiveness and alignment with organizational objectives and regulatory requirements.