Privacy Policy
A legal disclaimer
This Privacy Policy (“Policy”) governs the collection, use, disclosure, and protection of personal information by EVENDOUGH HOLDING LTD, a corporation incorporated under the laws of Canada and registered as a Money Services Business with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) (“Company,” “we,” “us,” or “our”). This Policy applies to personal information collected through our Monetoria platform and related financial services, and is effective as of June 26, 2025. This Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.
1. Application and Scope
This Privacy Policy applies to all personal information collected through the Monetoria platform and associated financial services (“Services”). The Services include, but are not limited to, multi-currency account management, international money transfers through SEPA and SWIFT networks, and related financial operations. “Personal Information” means any information about an identifiable individual, including name, contact details, financial information, identification documents, and transaction history. This may include information provided directly by you when using our Services, information we collect automatically through your use of the platform, and information we receive from third parties in accordance with applicable laws and regulations.
This Policy covers all interactions with our Services, whether through our website, mobile applications, or other digital interfaces. It applies to both individual and business customers using the Monetoria platform, regardless of geographic location within our service areas. For clarity, this Policy does not apply to third-party websites or services that may be accessed through links on our platform.
2. Information We Collect
We collect and maintain various types of personal information about our users to provide and improve our Services. This includes:
“Personal Information” required for Know Your Customer (KYC) and Know Your Business (KYB) compliance, including but not limited to: full legal name, date of birth, residential or business address, government-issued identification documents, tax identification numbers, and other documentation necessary to verify your identity in accordance with FINTRAC requirements.
“Transaction Data” related to your financial activities on our platform, including: account balances, payment instructions, transfer details, transaction history, source and destination of funds, currency exchange rates applied, and related banking information such as IBAN and SWIFT codes.
We also collect technical and usage information automatically when you use our Services, including: device identifiers, IP addresses, browser type and version, operating system details, geographic location data, login timestamps, and platform usage patterns. This information is collected through cookies, log files, and similar tracking technologies to maintain platform security, prevent fraud, and analyze service performance.
Additionally, we gather analytics data about how you interact with our platform, including pages visited, features used, transaction patterns, and other behavioral metrics that help us improve our Services and user experience while maintaining compliance with applicable regulations.
3. Purposes for Collection and Use
We collect and use personal information for specific, identified purposes that are reasonable and necessary to provide our Services. These purposes include:
Account Management and Service Delivery: We use personal information to create and manage your Monetoria account, verify your identity, process your applications, and provide you with access to our platform and services. This includes maintaining accurate account records and providing customer support.
Transaction Processing and Payment Services: Your personal information is necessary to facilitate financial transactions, process payments, execute currency exchanges, and manage SEPA and SWIFT transfers. This includes verifying transaction details, preventing fraud, and maintaining accurate transaction records.
Legal and Regulatory Compliance: As a registered Money Services Business, we are required to collect and use personal information to comply with anti-money laundering (AML) regulations, know-your-customer (KYC) requirements, and other legal obligations under FINTRAC guidelines and applicable financial services laws.
Service Improvement and Business Operations: We analyze user behavior, transaction patterns, and platform usage to improve our services, develop new features, enhance security measures, and optimize user experience. This includes conducting market research, generating statistical analyses, and maintaining service quality.
We will not collect, use, or disclose personal information for purposes other than those identified above, except with your consent or as required by law. If we need to use your personal information for a new purpose, we will notify you and obtain your consent before proceeding.
4. Consent and Legal Basis
We collect, use, and disclose your personal information primarily based on your consent. By using our Services, you provide express consent for the collection and processing of your personal information for the purposes outlined in this Policy. Your consent can be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice, though this may impact our ability to provide you with certain Services. We may also rely on implied consent in certain circumstances, such as when sending service-related communications or when collecting information through cookies that are necessary for the functioning of our platform. For marketing communications, we will obtain your express consent and provide clear opt-out mechanisms.
In addition to consent, we may collect, use, or disclose personal information where required or permitted by law. As a registered Money Services Business, we have legal obligations under FINTRAC regulations to collect and retain certain personal information for identity verification, transaction monitoring, and suspicious activity reporting. We may also process personal information to comply with court orders, warrants, or other legal requirements, or to establish, exercise, or defend legal claims.
Where we rely on consent as the basis for processing your personal information, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal, nor will it affect processing carried out on other legal grounds.
5. Disclosure of Personal Information
We may disclose your personal information to third parties and service providers in the following circumstances:
We share personal information with trusted third-party service providers who assist us in operating our platform, conducting our business, and providing services to you, including payment processors, banking partners, and technology providers. These service providers are contractually bound to protect your personal information and may only use it for the specific purposes we authorize.
We may disclose personal information to regulatory authorities, including FINTRAC, as required by law or regulation. This includes reporting suspicious transactions and complying with anti-money laundering and counter-terrorist financing obligations. We may also disclose information in response to valid requests from law enforcement agencies, court orders, or other legal processes.
In the event of a business transaction, such as a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
We do not sell, rent, or trade your personal information to third parties for marketing
purposes. Any disclosure of personal information is made only when necessary to provide our services or when required by law, and always in accordance with this Privacy Policy and applicable privacy laws.
6. Data Retention and Storage
We retain personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable laws and regulations. As a registered Money Services Business, we are required by FINTRAC to maintain certain records for a minimum period of five (5) years from the date of the transaction or the termination of the business relationship, as applicable. This includes records of transactions, account relationships, and customer identification information.
All personal information is stored in secure data centers located within Canada. We maintain strict physical, electronic, and administrative safeguards to protect personal information against unauthorized access, disclosure, or misuse. Our data centers employ industry-standard security measures including encryption, firewalls, and access controls. We regularly review and update our retention practices to ensure compliance with regulatory requirements while minimizing the retention of unnecessary personal information.
Upon the expiration of the applicable retention period, we will securely destroy, delete, or anonymize personal information in accordance with industry standards and applicable laws.
If we are required to retain information beyond our standard retention period due to legal obligations or ongoing business needs, we will maintain appropriate security measures throughout the extended retention period.
7. Safeguards and Security
We implement and maintain appropriate physical, technical, and organizational security measures to protect Personal Information against unauthorized access, disclosure, alteration, or destruction. These Security Measures include:
We employ industry-standard encryption protocols for data in transit and at rest, including TLS 1.3 for all web communications and AES-256 encryption for stored data. Access to Personal Information is strictly controlled through role-based access controls, multi-factor authentication, and regular access reviews. We maintain detailed audit logs of all system access and modifications to Personal Information.
Our security infrastructure includes firewalls, intrusion detection systems, and 24/7 security monitoring. We conduct regular security assessments and penetration testing of our systems and applications. All employees undergo mandatory security awareness training and must comply with our information security policies.
We maintain a comprehensive incident response plan that includes procedures for
detecting, reporting, and investigating potential security breaches. In the event of a security incident affecting Personal Information, we will notify affected individuals and relevant authorities as required by applicable law and take appropriate measures to contain and remediate the incident.
While we implement these Security Measures, no method of electronic storage or transmission is 100% secure. We therefore cannot guarantee absolute security but commit to taking all reasonable steps to protect Personal Information in our possession.
8. Access and Correction Rights
Under PIPEDA and applicable privacy laws, you have the right to access your personal information under our control and to challenge the accuracy and completeness of the information. Upon written request, we will provide you with access to your personal information within 30 days, subject to certain exceptions permitted by law. You may verify the accuracy and completeness of your personal information, and may request that it be amended or corrected as appropriate.
To request access to your personal information or to request a correction, you must submit your request in writing to our Privacy Officer using the contact information provided in Section 11. Your request must provide sufficient detail to allow us to identify the information you are seeking. We may require proof of your identity before providing you with access to your personal information.
You may also request the deletion of your personal information where there is no longer a legal or business purpose for its retention. However, we may be required to retain certain information to comply with our legal and regulatory obligations, particularly those related to anti-money laundering and counter-terrorist financing requirements. In such cases, we will inform you of the reasons why we cannot delete the requested information.
If you are not satisfied with our response to your access, correction, or deletion request, you may file a complaint with the Privacy Commissioner of Canada or your provincial privacy commissioner, as applicable.
9. Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar tracking technologies (collectively
“Cookies”) on our Monetoria platform to enhance user experience and collect analytics data. These technologies allow us to recognize your device and collect information about how you interact with our Services.
The types of Cookies we use include:
Essential Cookies: These are strictly necessary for the platform to function properly, enabling core features like secure login sessions and transaction processing. These cannot be disabled.
Performance and Analytics Cookies: We use these to analyze how visitors use our platform, track performance metrics, and identify areas for improvement. This includes collecting anonymous statistical data about navigation patterns, site usage, and user behavior.
Marketing and Preference Cookies: These help us deliver more relevant content and
promotional materials based on your interests and preferences. They also enable us to measure the effectiveness of our marketing campaigns.
You can control most Cookies through your browser settings. However, blocking certain Cookies may impact your ability to use some features of our platform. We retain Cookie data only for as long as necessary to fulfill the purposes outlined above, in accordance with our data retention policies.
Our analytics tools may include Google Analytics and similar third-party services that help us understand platform usage patterns and optimize our Services. These service providers may collect and process data according to their own privacy policies, which we encourage you to review.
10. Cross-Border Data Transfers
Due to the international nature of our Services and the operation of the SWIFT network for international payments, personal information may be transferred, processed, and stored in jurisdictions outside of Canada. When conducting such transfers, we ensure that appropriate safeguards are in place to provide a level of data protection comparable to that required under Canadian privacy laws.
For transfers through the SWIFT network, we comply with all applicable requirements and security standards mandated by SWIFT. For other international transfers, we implement appropriate data transfer mechanisms, including contractual safeguards such as standard contractual clauses, and ensure recipient jurisdictions maintain adequate data protection standards as recognized by Canadian privacy authorities.
We will not transfer personal information to jurisdictions that do not provide adequate protection unless: (1) we have obtained your explicit consent; (2) the transfer is necessary for the performance of a contract between you and the Company; or (3) the transfer is required by law or necessary for important public interest reasons.
11. Privacy Complaints and Contact Information
If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, you may contact our Privacy Officer at compliance@monetoria.io Our Privacy Officer will respond to your inquiry within 30 days of receipt.
If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada. The Commissioner’s office can be reached at: Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3 Toll-free: 1-800-282-1376 Website: www.priv.gc.ca We are committed to working with you to obtain a fair resolution of any privacy complaint or concern. However, if you believe that we have not been able to address your complaint or concern adequately, you have the right to contact the Privacy Commissioner of Canada, who enforces PIPEDA and can investigate privacy complaints.
12. Changes to Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any material changes to this Policy will be communicated to users through prominent notices on our Monetoria platform at least thirty (30) days before such changes take effect. The notice will include a summary of the key changes and their potential impact on users’ privacy rights. The effective date of the Policy will be updated to reflect any modifications. Users’ continued use of our Services following the posting of changes constitutes acceptance of such changes. If any change is unacceptable to you, you should cease using our Services and close your account. We encourage users to periodically review this Privacy Policy to stay informed about how we collect, use, and protect personal information.
Historical versions of this Privacy Policy will be archived and made available upon written request to our Privacy Officer. Questions about changes to this Policy can be directed to our Privacy Officer using the contact information provided in Section 11.