Privacy Policy

1. Introduction

1.1 Scope

This Privacy Policy applies to all personal information collected by Invincible Pay through our e-wallet platform, website, mobile applications, and related services. It covers information collected from customers who use our services to send and receive funds, manage their digital wallets, and conduct electronic payment transactions.

1.2 Compliance With Applicable Laws

Invincible Pay is committed to compliance with all applicable privacy laws and regulations, including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada's federal privacy law
  • Provincial privacy legislation where applicable
  • General Data Protection Regulation (GDPR) - for European Union residents
  • California Consumer Privacy Act (CCPA) - for California residents
  • Retail Payment Activities Act - as a registered Payment Service Provider

As a registered Money Services Business with FINTRAC and a Payment Service Provider registered with the Bank of Canada, we also comply with anti-money laundering and counter-terrorist financing regulations that govern the collection and retention of certain personal information.

1.3 Policy Updates and Amendments

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by email, through our platform, or by posting a prominent notice on our website. Your continued use of our services after such notice constitutes acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

2. Purpose

2.1 Commitment to Privacy

At Invincible Pay, we recognize that trust is fundamental to our relationship with our customers. We are committed to being transparent about our data practices and ensuring that your personal information is collected, used, and protected responsibly. This policy is designed to help you understand:

  • What personal information we collect and why
  • How we use and protect your information
  • When and with whom we share your information
  • Your rights regarding your personal information
  • How you can contact us with privacy concerns

2.2 Legal Basis for Processing Personal Data

We process personal information only when we have a lawful basis to do so. Depending on the circumstances and applicable law, our processing may be based on:

  • Consent: You have given explicit permission for specific processing activities
  • Contract Performance: Processing is necessary to provide services you've requested
  • Legal Obligation: We must process data to comply with laws and regulations
  • Legitimate Interests: Processing serves our legitimate business interests while respecting your privacy rights

3. Definitions

3.1 Personal Information

Personal Information means any information about an identifiable individual. This includes information that can be used on its own or in combination with other information to identify, contact, or locate a specific person. Examples include names, email addresses, phone numbers, financial account information, government-issued identification numbers, IP addresses, and transaction records.

3.2 Processing

Processing refers to any operation or set of operations performed on personal information, whether by automated means or not. This includes collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, alignment, combination, restriction, erasure, or destruction of personal information.

3.3 Data Subject

A Data Subject is an identifiable individual to whom personal information relates. In the context of Invincible Pay's services, data subjects primarily include our customers, potential customers, and authorized representatives of entity customers.

3.4 Controller and Processor

A Data Controller determines the purposes and means of processing personal information. A Data Processor processes personal information on behalf of the controller. Invincible Pay acts as a data controller with respect to customer information we collect and process to provide our services. We may engage third-party processors to assist with certain functions.

3.5 Consent

Consent means a freely given, specific, informed, and unambiguous indication of your wishes by which you agree to the processing of your personal information. Consent may be express (actively given) or, in some circumstances and jurisdictions, implied through your actions.

3.6 Other Key Terms

  • E-Wallet: A digital account that allows you to store funds electronically and conduct transactions
  • Payment Services: Electronic fund transfer and payment processing services provided through our platform
  • Transaction: Any transfer, payment, deposit, or withdrawal of funds through your e-wallet
  • KYC (Know Your Customer): Identity verification procedures we're required to perform under applicable regulations

4. Types of Information We Collect

4.1 Information You Provide Directly

We collect information that you provide when you register for an account, use our services, or communicate with us:

Account Registration Information:

  • Full legal name
  • Date of birth
  • Email address
  • Phone number
  • Residential address
  • Government-issued identification (driver's license, passport, etc.)
  • Social Insurance Number (when required for tax reporting or verification)

Financial Information:

  • Bank account details for linking to your e-wallet
  • Payment card information (encrypted and tokenized)
  • Transaction history and payment details
  • Payment recipient information
  • Funding source details

Verification and Compliance Information:

  • Copies of identity documents
  • Proof of address documentation
  • Source of funds information (when required)
  • Business information for commercial accounts
  • Beneficial ownership information for entities

Communications:

  • Customer support inquiries and correspondence
  • Survey responses and feedback
  • Marketing preferences

4.2 Information We Collect Automatically

When you use our services, we automatically collect certain technical and usage information:

Device and Technical Information:

  • IP address and location data
  • Device type, model, and operating system
  • Browser type and version
  • Unique device identifiers
  • Mobile network information

Usage and Activity Information:

  • Pages visited and features used
  • Transaction patterns and frequency
  • Login times and session duration
  • Clickstream data and navigation paths
  • E-wallet balance and transaction history

Security and Fraud Prevention Data:

  • Authentication data and security credentials
  • Risk assessment scores
  • Fraud detection indicators
  • Device fingerprinting information

4.3 Information From Third Parties

We may receive information about you from third-party sources, including:

  • Identity Verification Services: Information confirming your identity and address
  • Credit Bureaus: Credit history and verification data (with your consent where required)
  • Financial Institutions: Bank account verification and transaction information
  • Fraud Prevention Services: Risk and fraud indicators
  • Public Records: Information from publicly available sources
  • Referral Partners: Information if you were referred to our services

4.4 Sensitive Information

We collect certain types of sensitive information only when necessary and with appropriate safeguards:

  • Government Identifiers: Social Insurance Numbers, driver's license numbers (for KYC compliance)
  • Financial Account Details: Bank account and routing numbers (encrypted and protected)
  • Biometric Data: If you use biometric authentication features (face ID, fingerprint)

We implement enhanced security measures for all sensitive information and process it only for specific, legitimate purposes required by law or necessary to provide our services.

5. How We Use Your Information

5.1 To Provide E-Wallet and Payment Services

We use your personal information to deliver our core services:

  • Creating and maintaining your e-wallet account
  • Processing electronic fund transfers and payments
  • Facilitating deposits and withdrawals
  • Managing your account balance and transaction history
  • Linking external bank accounts and payment methods to your e-wallet
  • Sending transaction notifications and confirmations
  • Providing customer support and resolving issues
  • Improving and personalizing your user experience

5.2 Verification and Compliance

As a regulated Money Services Business and Payment Service Provider, we are required to verify customer identities and monitor for suspicious activity:

  • Verifying your identity during account registration (Know Your Customer - KYC)
  • Conducting ongoing monitoring of transactions and account activity
  • Screening against sanctions lists and politically exposed persons (PEP) databases
  • Filing required reports with FINTRAC and other regulatory authorities
  • Maintaining records as required by anti-money laundering laws
  • Responding to lawful requests from law enforcement and regulators

5.3 Fraud Prevention and Risk Management

We analyze information to protect you, other users, and our platform from fraud and abuse:

  • Detecting and preventing fraudulent transactions
  • Identifying suspicious patterns or unusual activity
  • Assessing transaction risk in real-time
  • Preventing unauthorized access to accounts
  • Investigating security incidents and disputes
  • Protecting against identity theft and account takeover

5.4 Customer Support and Communication

We use your contact information to communicate with you about your account and our services:

  • Responding to your inquiries and support requests
  • Sending service announcements and important updates
  • Notifying you of changes to our terms or policies
  • Requesting feedback about our services
  • Resolving disputes and addressing complaints

5.5 Marketing and Product Development

With your consent where required, we may use your information for:

  • Sending promotional offers and information about new features
  • Conducting market research and surveys
  • Analyzing usage patterns to improve our services
  • Developing new products and features
  • Personalizing your experience on our platform

You can opt out of marketing communications at any time using the unsubscribe link in our emails or by updating your account preferences.

5.6 Legal Obligations and Enforcement

We may process your information as necessary to:

  • Comply with legal and regulatory requirements
  • Respond to court orders, subpoenas, and legal processes
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, and safety or those of others
  • Investigate and prevent illegal activity

6. Legal Bases for Processing

6.1 Consent

We rely on your consent when we collect and process personal information for purposes such as:

  • Marketing communications and promotional offers
  • Optional features like biometric authentication
  • Sharing information with third parties for their own purposes
  • Non-essential cookies and analytics

You may withdraw consent at any time, though this may limit our ability to provide certain services.

6.2 Contractual Necessity

We process personal information when necessary to fulfill our contract with you, including:

  • Creating and maintaining your e-wallet account
  • Processing your payment transactions and fund transfers
  • Providing customer support
  • Managing your account balance and transaction history

Without this information, we cannot provide our services to you.

6.3 Legal Obligation

We must process certain personal information to comply with legal and regulatory requirements:

  • Customer identification and verification (KYC/AML regulations)
  • Transaction monitoring and suspicious activity reporting
  • Record retention requirements under PCMLTFA
  • Tax reporting obligations
  • Responding to lawful requests from authorities
  • Sanctions screening and compliance

6.4 Legitimate Interests

We process personal information when necessary for our legitimate business interests, provided these interests are not outweighed by your privacy rights:

  • Fraud detection and prevention
  • Network and information security
  • Internal research and product development
  • Business analytics and operational improvements
  • Protecting our legal rights
  • Preventing misuse of our services

6.5 Vital Interests

In rare circumstances, we may process personal information to protect vital interests, such as preventing imminent harm or danger to an individual.

7. How We Share Information

7.1 With Service Providers and Partners

We share personal information with trusted third-party service providers who assist us in operating our platform and delivering services:

  • Payment Processors: To facilitate electronic fund transfers and payment transactions
  • Identity Verification Services: To verify your identity during onboarding
  • Cloud Service Providers: For secure data storage and hosting
  • Fraud Prevention Services: To detect and prevent fraudulent activity
  • Customer Support Tools: To manage and respond to your inquiries
  • Analytics Providers: To understand usage patterns (with anonymized data where possible)

All service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.

7.2 With Regulatory and Law Enforcement Authorities

We disclose personal information to regulatory bodies and law enforcement when required by law:

  • FINTRAC: Suspicious transaction reports, large transaction reports, and other required filings
  • Bank of Canada: As required under the Retail Payment Activities Act
  • Canada Revenue Agency: Tax reporting information when required
  • Law Enforcement: In response to valid subpoenas, court orders, and lawful requests
  • Other Regulators: As required by applicable laws and regulations

7.3 With Financial Institutions

We share necessary information with banks and financial institutions to:

  • Verify and link external bank accounts to your e-wallet
  • Process electronic fund transfers and payment transactions
  • Reconcile transactions and resolve disputes
  • Comply with payment network rules and requirements

7.4 International Transfers

Some of our service providers may be located outside of Canada. When we transfer personal information internationally, we ensure appropriate safeguards are in place through:

  • Standard contractual clauses approved by regulatory authorities
  • Transfers to countries with adequate data protection laws
  • Other legally recognized transfer mechanisms

See the International Data Transfers section for more details.

7.5 Business Transfers

If Invincible Pay is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, personal information may be transferred as part of that transaction. We will notify you of any such transfer and provide information about how your data will be handled.

7.6 With Your Consent

We may share your personal information with other third parties when you explicitly consent to such sharing.

Important: We never sell your personal information to third parties for their marketing purposes.

8. International Data Transfers

8.1 Transfers Outside Canada

While Invincible Pay is a Canadian company and our primary operations are in Canada, some of our service providers may store or process personal information in other countries, including the United States. When information is transferred outside Canada, it becomes subject to the laws of the destination country and may be accessed by courts, law enforcement, and national security authorities in accordance with those laws.

8.2 Safeguards for International Transfers

We implement appropriate safeguards for international data transfers, including:

  • Standard Contractual Clauses: EU-approved model clauses for transfers to countries without adequacy decisions
  • Data Processing Agreements: Binding contractual terms requiring service providers to protect data
  • Adequacy Decisions: Transfers to countries recognized by the EU or Canada as having adequate protections
  • Encryption: Data is encrypted in transit and at rest
  • Access Controls: Limited access to personal information on a need-to-know basis

8.3 EU/EEA Residents

For residents of the European Union or European Economic Area, we comply with GDPR requirements for international transfers. This includes using Standard Contractual Clauses and ensuring that service providers in third countries implement appropriate technical and organizational measures.

8.4 Your Rights Regarding International Transfers

You may contact us to learn more about where your data is processed and the safeguards in place. In some jurisdictions, you may have the right to object to international transfers or obtain copies of the safeguards we've implemented.

9. Your Rights and Choices

9.1 Access and Correction

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Information: Obtain information about how your data has been used and shared

You can access and update much of your information directly through your account settings. For additional requests, contact our Privacy Officer.

9.2 Data Deletion

You may request deletion of your personal information, subject to certain limitations. We may retain information when:

  • Required by law (e.g., 5-year retention under AML regulations)
  • Necessary to complete transactions or provide requested services
  • Needed to detect fraud or security incidents
  • Required to resolve disputes or enforce agreements
  • Necessary for legitimate business operations

When deletion is not possible, we will explain the legal basis for retention.

9.3 Consent Withdrawal

Where we rely on your consent to process personal information, you may withdraw that consent at any time by:

  • Updating your account preferences
  • Using unsubscribe links in emails
  • Contacting our Privacy Officer
  • Disabling certain features in your account

Note that withdrawing consent may affect our ability to provide certain services.

9.4 Data Portability

In certain circumstances, you have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another service provider. This right applies to:

  • Information you provided directly to us
  • Processing based on consent or contract
  • Processing carried out by automated means

9.5 Object to Processing

You may object to processing of your personal information when:

  • Processing is based on legitimate interests (we'll stop unless we have compelling grounds)
  • Information is used for direct marketing (we'll stop immediately)
  • Automated decisions produce legal or similarly significant effects (you can request human review)

9.6 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Opt-Out: Opt out of sale or sharing (note: we do not sell personal information)
  • Non-Discrimination: Right not to be discriminated against for exercising CCPA rights
  • Authorized Agent: Right to designate an agent to make requests on your behalf

9.7 How to Exercise Your Rights

To exercise any of these rights, please:

  • Email our Privacy Officer at info@invinciblepay.com
  • Submit a request through your account settings
  • Write to us at our mailing address (see Contact section)

We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before fulfilling your request to protect your privacy and security.

10. Data Retention

10.1 Retention Periods

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected. Retention periods vary based on:

  • The type of information
  • The services provided
  • Legal and regulatory requirements
  • Operational needs

10.2 Specific Retention Requirements

As a regulated financial services provider, we must retain certain records for specific periods:

| Information Type | Retention Period | Legal Basis |
|---|---|---|
| Customer identification documents | 5 years after account closure | PCMLTFA (AML regulations) |
| Transaction records | 5 years from transaction date | PCMLTFA (AML regulations) |
| Account records | 5 years after account closure | PCMLTFA, RPAA |
| Compliance and audit records | 7 years | General business practice |
| Tax-related documents | 7 years | Income Tax Act |
| Marketing communications data | Until consent withdrawn + 1 year | Business operations |

10.3 Deletion and Anonymization

When retention is no longer necessary:

  • Personal information is securely deleted or destroyed
  • Information may be anonymized for statistical purposes
  • Backup systems are purged according to our retention schedule
  • Third-party processors are instructed to delete data

11. Security of Personal Information

11.1 Our Security Commitment

Protecting your personal information is a top priority. We implement comprehensive security measures to safeguard data against unauthorized access, use, disclosure, alteration, or destruction.

11.2 Technical Safeguards

Our technical security measures include:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure Infrastructure: Enterprise-grade cloud hosting with redundant systems
  • Firewalls and Intrusion Detection: Advanced network security monitoring
  • Multi-Factor Authentication: Required for account access and sensitive operations
  • Secure Development: Regular security testing and code reviews
  • Data Minimization: We collect and retain only necessary information
  • Tokenization: Sensitive financial data is tokenized when possible

11.3 Administrative Safeguards

Our organizational security measures include:

  • Access Controls: Strict role-based access to personal information
  • Employee Training: Regular privacy and security training for all staff
  • Background Checks: Screening of employees with access to sensitive data
  • Confidentiality Agreements: All employees sign confidentiality agreements
  • Vendor Management: Due diligence and ongoing monitoring of service providers
  • Incident Response Plan: Documented procedures for security incidents

11.4 Physical Safeguards

Physical security measures include:

  • Secure data centers with 24/7 monitoring
  • Restricted access to facilities and equipment
  • Secure disposal of physical documents
  • Environmental controls (fire, water, temperature)

11.5 Data Breach Response

In the event of a data breach that poses a real risk of significant harm:

  • We will investigate and contain the incident immediately
  • Affected individuals will be notified without undue delay
  • Regulatory authorities will be notified as required by law
  • We will provide information about the breach and steps you can take
  • We will implement additional measures to prevent future incidents

11.6 Your Security Responsibilities

You play an important role in protecting your information:

  • Keep your password confidential and use a strong, unique password
  • Enable multi-factor authentication
  • Don't share your account credentials
  • Keep your email and phone number up to date
  • Review your transaction history regularly
  • Log out after using shared devices
  • Report suspicious activity immediately

12. Cookies and Tracking Technologies

12.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website or use our services. They help us provide, protect, and improve our services.

12.2 Types of Cookies We Use

| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for platform functionality, security, and authentication | Session or up to 1 year |
| Performance Cookies | Help us understand how users interact with our services | Up to 2 years |
| Functional Cookies | Remember your preferences and settings | Up to 1 year |
| Security Cookies | Fraud detection and account protection | Session or up to 90 days |

12.3 Managing Cookie Preferences

You can control cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Account Preferences: Manage optional cookies in your account settings
  • Opt-Out Tools: Use industry opt-out mechanisms for analytics cookies

Note that blocking essential cookies may affect platform functionality.

12.4 Other Tracking Technologies

We may also use:

  • Web Beacons: Small graphics that track email opens and interactions
  • Local Storage: Browser-based storage for session data
  • Device Fingerprinting: For fraud prevention and security (does not track across sites)
  • SDKs: In mobile apps to enable functionality and analytics

12.5 Do Not Track Signals

Our systems do not currently respond to "Do Not Track" browser signals, as there is no universal standard for how to interpret these signals. However, we provide you with meaningful choices about data collection through our privacy settings.

13. Children's Privacy

13.1 Age Restrictions

Invincible Pay's services are intended for individuals who are at least 18 years old (or the age of majority in their jurisdiction, whichever is higher). We do not knowingly collect personal information from children under 18.

13.2 Verification

During the account registration process, we verify that users meet our minimum age requirements through government-issued identification.

13.3 If We Learn of Underage Users

If we become aware that we have collected personal information from someone under 18 without proper verification:

  • We will immediately suspend the account
  • We will delete the personal information
  • We will take steps to prevent future access

13.4 Parents and Guardians

If you believe a minor has created an account with us, please contact our Privacy Officer immediately at info@invinciblepay.com.

14. Third-Party Websites and Services

14.1 Links to External Sites

Our website and communications may contain links to third-party websites, including:

  • Banking institutions where you hold accounts
  • Merchant websites where you make purchases
  • Social media platforms
  • Regulatory authorities and resources

14.2 No Control Over Third Parties

We are not responsible for the privacy practices of external websites. These sites have their own privacy policies that govern how they collect, use, and share your information.

14.3 Our Recommendation

We encourage you to:

  • Review the privacy policies of any external sites you visit
  • Understand what information they collect and how they use it
  • Make informed decisions about sharing your personal information

14.4 Integration Services

When you link external bank accounts or payment methods to your e-wallet, you may be directed to those institutions' websites to authenticate. This connection is governed by their privacy policies and the agreements you have with them.

Important: Invincible Pay cannot access your full bank account credentials when you link external accounts. We use secure, industry-standard methods (such as OAuth or bank-provided APIs) that protect your login information.

15. Contact Us

Privacy Contact Details

Company: Invincible Payment Systems Limited (Invincible Pay)

Email: info@invinciblepay.com

Phone: 672-886-1422

Mailing Address:

200-4909 50 Street, Red Deer, Alberta, T4N 1X8, Canada

Response Timeline

We aim to respond to all privacy inquiries within 30 days. For complex requests, we may extend this period by an additional 30 days and will inform you of the extension.

15.2 Filing Complaints

If you believe your privacy rights have been violated or if you're not satisfied with our response, you have the right to file a complaint with:

Office of the Privacy Commissioner of Canada

For federal privacy law (PIPEDA) complaints:

  • Website: www.priv.gc.ca
  • Phone: 1-800-282-1376
  • Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

Provincial Privacy Commissioners

Depending on your location and the nature of your complaint, you may also contact your provincial privacy commissioner.

For EU Residents

EU/EEA residents may lodge complaints with their local data protection authority or with the authority in the member state where the alleged infringement occurred.

For California Residents

California residents may file complaints with the California Attorney General's office regarding CCPA violations.

16. Changes to This Privacy Policy

16.1 How We Notify You of Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Posting a prominent notice on our website and platform
  • Displaying a notification when you log into your account
  • Updating the "Effective Date" at the top of this policy

16.2 Your Acceptance

Your continued use of our services after we post changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may close your account by contacting us.

16.3 Material Changes

For significant changes that materially affect your rights, we may:

  • Request your explicit consent to continue using the services
  • Provide additional notice or explanation
  • Offer options to opt out of new uses of your information

16.4 Review This Policy Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Last Updated: November 1, 2025

Effective Date: November 1, 2025

Next Scheduled Review: November 1, 2026

17. Glossary of Terms

For your convenience, here are definitions of key privacy and technical terms used in this policy:

  • AML (Anti-Money Laundering): Laws and regulations designed to prevent money laundering and terrorist financing
  • Anonymization: Process of removing personally identifiable information so data cannot be linked to an individual
  • CCPA: California Consumer Privacy Act
  • Data Controller: Entity that determines the purposes and means of processing personal data
  • Data Processor: Entity that processes personal data on behalf of a controller
  • E-Wallet: Digital wallet for storing and managing funds electronically
  • Electronic Fund Transfer: Digital transfer of funds between accounts
  • Encryption: Process of encoding information to prevent unauthorized access
  • FINTRAC: Financial Transactions and Reports Analysis Centre of Canada
  • GDPR: General Data Protection Regulation (EU)
  • KYC: Know Your Customer - identity verification procedures
  • PCMLTFA: Proceeds of Crime (Money Laundering) and Terrorist Financing Act
  • PEP: Politically Exposed Person
  • Personal Information: Information about an identifiable individual
  • PIPEDA: Personal Information Protection and Electronic Documents Act
  • Processing: Any operation performed on personal data
  • RPAA: Retail Payment Activities Act
  • Tokenization: Replacing sensitive data with non-sensitive substitutes